The plain user password might appear in the log messages in case of an error #1590
Comments
I found the same issue and this needs to be fixed ASAP as it is related to a security breach.
Hello! Thanks for sharing this. This will only happen if the DEBUG mode is enabled, which is not related to production installations. However we should in general avoid this, so I will change the debug output to not include passwords.
The app is not in debug mode and is running with Cloudron. The SMTP mail setup is wrong and the password is included in the error. Is there anything I can provide for further debugging? Thanks.
Just adding to see if I understand this right: for this scenario to play out, the following conditions must be met:
Do I understand this right? edit: @cashewcodes9 I also believe the software is in debug mode by default. You would need to change it after setup.
Hello! Clarification: the app is not in debug mode by default. This is something you can configure in the root config.php
Sorry, yes, I just checked my file and debug was set to true in my config.php... not sure where it came from. It is probably better for people to check their config.php in case, like I did, they modified something and then forgot about it.
I was able to replicate this behavior with DEBUG_MODE=FALSE. This would ideally be addressed with a proper way to configure email via the webapp's GUI, also related to #1587. The issue is due to there being no way to properly configure the email settings without modifying application/config/email.php, which is an ephemeral file at least in the Docker version, since easyappointments does not have a volume bind mount in which /var/www/html is saved on the host disk. Since email is not properly configured, the webapp GUI throws an error and displays the email's contents, which include the password. Even more ideally, this would be addressed with a true password reset link rather than sending an email with a plaintext password.
Hello! Quick update on this one: I have updated the logging to not include that much additional information, not only in order to avoid the exposure of sensitive data, but also in order to avoid unnecessary data from being stored in the log files. More updates on this topic will become available before the new release.
Some additional info on this ticket (as of v1.5.1-dev): It seems that the password is not rendered on screen, but it is included in the stack trace of the error response. As it is a bit complicated to parse sensitive data dynamically, I have removed the stack trace from the server response. It will only be found in the log files of the server, which means that sensitive data can no longer be exposed in cases like this one.
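The two fixes raised in this thread (a reset link instead of a mailed plaintext password, and an error path that keeps the exception, stack trace and SMTP credentials in the server log rather than in the HTTP response) can be shown together in a small PHP sketch. This is an added example, not Easy!Appointments code; the names `Mailer`, `MailSendException`, `handle_password_recovery`, `redact`, the `$config` keys and the `$log` callable are hypothetical, and it assumes PHP 8.0 or later.

```php
<?php
// Added example, not Easy!Appointments code. Every name below is hypothetical;
// the pattern is what matters: a random single-use reset token, and an error
// path in which only the server log sees the exception and the (redacted) config.
declare(strict_types=1);

final class MailSendException extends RuntimeException {}

/** Hypothetical mailer: fails the way the report describes when SMTP is unset. */
final class Mailer
{
    public function __construct(private array $config) {}

    public function send(string $to, string $subject, string $body): void
    {
        if (empty($this->config['smtp_host'])) {
            throw new MailSendException("SMTP host not configured, cannot deliver to $to");
        }
        // Real SMTP delivery would happen here.
    }
}

/** Config keys whose values must never reach a log line or an HTTP response. */
const SENSITIVE_KEYS = ['smtp_pass', 'password', 'secret', 'token'];

/** Return a copy of $context with sensitive values replaced. */
function redact(array $context): array
{
    foreach ($context as $key => $value) {
        if (in_array(strtolower((string) $key), SENSITIVE_KEYS, true)) {
            $context[$key] = '[REDACTED]';
        }
    }
    return $context;
}

/**
 * "Forgot password" handler.
 *  - Mails a random, single-use reset link instead of a new plaintext password.
 *  - On failure, the exception message, trace and *redacted* config go to the
 *    server log only; the client gets a generic message with no trace and no
 *    message body.
 */
function handle_password_recovery(array $config, string $email, string $baseUrl, callable $log): array
{
    $token     = bin2hex(random_bytes(32));  // 256-bit token, shown to the user once
    $tokenHash = hash('sha256', $token);     // only the hash would be persisted
    $expiresAt = time() + 3600;              // one-hour validity
    // persist_reset_token($email, $tokenHash, $expiresAt);  // hypothetical DB write

    $body = "Use this link within one hour: $baseUrl/reset?token=$token";
    try {
        (new Mailer($config))->send($email, 'Password reset', $body);
        return ['success' => true, 'message' => 'If an account exists for that address, an email has been sent.'];
    } catch (MailSendException $e) {
        $log('ERROR', $e->getMessage(), [
            'config' => redact($config),          // smtp_pass becomes [REDACTED]
            'trace'  => $e->getTraceAsString(),   // trace stays in the log, not the response
        ]);
        // Neither the trace nor the mail body (which carries the token) is returned.
        return ['success' => false, 'message' => 'The reset email could not be sent. Please contact the administrator.'];
    }
}

// Usage with a deliberately broken SMTP config (constructed sample values).
$config = ['smtp_host' => '', 'smtp_user' => 'mailer@example.test', 'smtp_pass' => 'example-secret'];
$logger = function (string $level, string $msg, array $ctx): void {
    fwrite(STDERR, "[$level] $msg " . json_encode($ctx) . PHP_EOL);
};
echo json_encode(handle_password_recovery($config, 'user@example.test', 'https://booking.example.test', $logger)), PHP_EOL;
```

Running it prints a JSON response that contains only the generic failure message, while the `[ERROR]` line on stderr carries the exception text, the trace and a config in which `smtp_pass` reads `[REDACTED]`. The redaction is key-based on purpose: as the maintainer notes, parsing sensitive values out of free-form text is unreliable, so the safer design is to never hand the client anything beyond a fixed message and to scrub known-sensitive keys before logging.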
I found a security flaw that I found bizarre.
I simulated losing my password... then I clicked on recover and it gave me an error, as I hadn't configured SMTP... In the error message that appeared on the screen, I had the new password... lol