Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 2621 by "Internal Server Error" email contains plain text password

* NOTE: Do not post confidential information in this bug report. *
*       If you need immediate support, please contact            *
*                             *

What version are you running?

Review Board 1.6.6

What's the URL of the page containing the problem?

Email sent after a 500 error on /account/login/

What steps will reproduce the problem?
1. User attempts to log in using a long (> 30 characters) LDAP username.
2. This triggers an internal server error (500), causing an email message to be sent to the admin.

What is the expected output? What do you see instead?

The email message sent to the server admin (attached with password scrubbed) contains a backtrace and a WSGIRequest that contains the line:

POST:<QueryDict: {u'username': [u''], u'next_page': [u'/r/'], u'password': [u'ACTUAL_PASSWORD']}>,

where 'ACTUAL_PASSWORD' is, well, the actual password of the user who attempted to log in.

Expected result is not to have passwords sent in plain text via email.

(Review Board should probably also accept user names longer than 30 characters, but that's a separate issue.)

What operating system are you using? What browser?

NixOS (Linux), Firefox 12.0.

Please provide any additional information below.

        500-email.txt  5.7 KB

You received this message because you are subscribed to the Google Groups 
"reviewboard-issues" group.
To post to this group, send email to
To unsubscribe from this group, send email to
For more options, visit this group at

Reply via email to