  1. mod-login
  2. MODLOGIN-163

POST /authn/login response contains clear text password

Details

    • CP: sprint 125
    • 1
    • Core: Platform

    Description

      Overview:
      When calling POST /authn/login the response body is a copy of the request body and looks like this:

      {
        "username" : "bjoern",
        "password" : "cleartextsecret"
      }
      

      https://s3.amazonaws.com/foliodocs/api/mod-login/login.html

      Steps to Reproduce:

      1. Call POST /authn/login

      Expected Results:
      No response body.
      Actual Results:
      Response body is a copy of the request body and contains the clear text password.
      This might be a security issue if the response body is logged.


              People

                adam Adam Dickmeiss (Inactive)
                bjoern_ubl Björn Muschall

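
An added example, not part of the original issue or of mod-login's own code: a Python check that a test suite could run over a captured login exchange to flag a response that echoes the submitted password, plus a redaction helper for bodies that are written to logs. The sensitive key list, the function names and the sample body are assumptions constructed for illustration.

```python
import json

# Key names treated as secrets (assumed list for this example).
SENSITIVE_KEYS = {"password", "newpassword", "passwd"}
MASK = "***REDACTED***"

def _leaves(node, path="$", key=""):
    """Yield (path, key, value) for every scalar in parsed JSON."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from _leaves(v, f"{path}.{k}", k)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from _leaves(v, f"{path}[{i}]", key)
    else:
        yield path, key, node

def find_credential_echo(request_body, response_body):
    """Return the response locations that expose a secret from the request."""
    secrets = {v for _, k, v in _leaves(json.loads(request_body))
               if k.lower() in SENSITIVE_KEYS and isinstance(v, str) and v}
    if not response_body.strip():
        return []  # the expected result in the report: no body at all
    try:
        parsed = json.loads(response_body)
    except ValueError:
        # Non-JSON response: fall back to a raw substring search.
        return ["<raw body>"] if any(s in response_body for s in secrets) else []
    return [p for p, k, v in _leaves(parsed)
            if k.lower() in SENSITIVE_KEYS
            or (isinstance(v, str) and any(s in v for s in secrets))]

def redact_for_log(body):
    """Mask sensitive fields so a body can be written to a log."""
    def scrub(node):
        if isinstance(node, dict):
            return {k: MASK if k.lower() in SENSITIVE_KEYS else scrub(v)
                    for k, v in node.items()}
        if isinstance(node, list):
            return [scrub(v) for v in node]
        return node
    try:
        return json.dumps(scrub(json.loads(body)))
    except ValueError:
        return "<unparseable body omitted>"

# Constructed sample mirroring the request/response bodies in the report.
REQUEST = '{"username": "bjoern", "password": "cleartextsecret"}'
```

`find_credential_echo(REQUEST, REQUEST)` reproduces the reported behaviour and returns the offending path, while an empty response body returns an empty list.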