[Bug 38909] New: Typo shows Username in log

bugzilla-daemon Wed, 01 Aug 2012 00:51:09 -0700

https://bugzilla.wikimedia.org/show_bug.cgi?id=38909


       Web browser: ---
             Bug #: 38909
           Summary: Typo shows Username in log
           Product: MediaWiki
           Version: 1.18.1
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: Unprioritized
         Component: Logging
        AssignedTo: [email protected]
        ReportedBy: [email protected]
    Classification: Unclassified
   Mobile Platform: ---


Currently MW shows userenames that are not present in the log. That could leak
passwords to the log if the user did not safely hit the "tab" or klicks within
the password field on login. In my wikilog I found an entry similar to this:

13:16, 28 June 2012 WikiSysop (Talk | contribs | block) Fehler beim Login ‎
(Der Benutzername „AnyusernameAnypassword“ ist nicht vorhanden. Bitte
überprüfen Sie die Schreibweise.)

IMHO it would be more safe to reflect something like: A User with IP
xxx.xxx.xxx.xxx entered an unknown username.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 38909] New: Typo shows Username in log

Reply via email to