Status: New
Owner:
Labels: Type-Defect Priority-Medium
New issue 2621 by eelco.do...@logicblox.com: "Internal Server Error" email
contains plain text password
http://code.google.com/p/reviewboard/issues/detail?id=2621
* NOTE: Do not post confidential information in this bug report. *
* If you need immediate support, please contact*
* reviewbo...@googlegroups.com *
What version are you running?
Review Board 1.6.6
What's the URL of the page containing the problem?
Email sent after a 500 error on /account/login/
What steps will reproduce the problem?
1. User attempts to log in using a long (> 30 characters) LDAP username.
2. This triggers an internal server error (500), causing an email message
to be sent to the admin.
What is the expected output? What do you see instead?
The email message sent to the server admin (attached with password
scrubbed) contains a backtrace and a WSGIRequest that contains the line:
POST:u'next_page': [u'/r/'], u'password': [u'ACTUAL_PASSWORD']}>,
where 'ACTUAL_PASSWORD' is, well, the actual password of the user who
attempted to log in.
Expected result is not to have passwords sent in plain text via email.
(Review Board should probably also accept user names longer than 30
characters, but that's a separate issue.)
What operating system are you using? What browser?
NixOS (Linux), Firefox 12.0.
Please provide any additional information below.
Attachments:
500-email.txt 5.7 KB
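
The mitigation this report asks for, as an added example (not Review Board's or Django's own code): mask sensitive POST fields before the request is rendered into the admin email, with a fallback scrubber for text that has already been rendered. The field-name pattern, function names and sample values are assumptions constructed for illustration.

```python
import re

# Assumed set of sensitive field names; extend it for your own forms.
SENSITIVE = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key", re.I)
MASK = "********"

def scrub_post(post):
    """Copy a POST mapping (name -> list of values), masking sensitive values."""
    return {
        name: [MASK] * len(values) if SENSITIVE.search(name) else list(values)
        for name, values in post.items()
    }

# One quoted Python 2 style string literal: u'...' or u"...", escapes allowed.
_STR = r"""u?(?:'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")"""
# A rendered pair such as  u'password': [u'value', u'value2']
_PAIR = re.compile(r"(?P<name>%s)\s*:\s*\[\s*(?:%s\s*,?\s*)*\]" % (_STR, _STR))

def scrub_rendered(text):
    """Mask sensitive values in an already-rendered request repr (mail, log)."""
    def repl(match):
        name = match.group("name")
        if SENSITIVE.search(name):
            return "%s: [u'%s']" % (name, MASK)
        return match.group(0)
    return _PAIR.sub(repl, text)

def error_report(path, post, traceback_text):
    """Build the admin notification body from scrubbed request data only."""
    return "500 on %s\nPOST: %r\n\n%s" % (path, scrub_post(post), traceback_text)

# Constructed sample shaped like the request in the report.
SAMPLE_POST = {
    "username": ["a" * 31],
    "password": ["s3cr]t'pw"],
    "next_page": ["/r/"],
}
SAMPLE_RENDERED = "POST:<QueryDict: {u'next_page': [u'/r/'], u'password': [u\"s3cr]t'pw\"]}>,"

if __name__ == "__main__":
    print(error_report("/account/login/", SAMPLE_POST, "Traceback (constructed)"))
    print(scrub_rendered(SAMPLE_RENDERED))
```

Django 1.4 and later ship `sensitive_post_parameters` in `django.views.decorators.debug`, which applies the same kind of masking to error reports.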