🐛 [Bug] Wrong Password in sent URL if Javascript is off #2315

Open
datenbrei opened this issue Nov 21, 2019 · 0 comments
Labels
bug security Pull requests that address a security vulnerability

datenbrei commented Nov 21, 2019

🐛 Bug report

If a user switches off JavaScript, the login dialogue sends the password in clear text as part of the PUT/POST URL to the backend. A user/developer reported this just for wrong passwords!

Steps to reproduce the behavior

  1. Use uMatrix to switch off JavaScript
  2. See the request in the browser's console

Expected behavior

If JavaScript is switched off, the login dialogue should do nothing at all, because our application cannot work without JavaScript.

Version & Environment

Type: [Desktop]

  • OS: [Windows]
  • Browser: [Chrome]
  • Version []
  • Device: []

Additional context

This may be fallback functionality of the toolkit we use.

@datenbrei datenbrei added the bug and security (Pull requests that address a security vulnerability) labels Nov 21, 2019
@datenbrei datenbrei changed the title from "🐛 [Bug] Password in sent URL if Javascript is off" to "🐛 [Bug] Wrong Password in sent URL if Javascript is off" Nov 21, 2019
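
A server-side guard for the behaviour reported above, as an added example that is not part of the original issue or the project's code: it refuses a login request whose URL carries a credential parameter and redacts the value before the URL is logged. The parameter names, the `/api/login` path and the sample requests are assumptions constructed for illustration.

```javascript
// Assumed (hypothetical) credential field names; adjust to the real login form.
const SENSITIVE_PARAMS = new Set(["password", "passwd", "pwd", "pass", "secret"]);

// Request targets are usually relative ("/login?..."), so URL needs a base.
const BASE = "http://placeholder.invalid";

// Return the names of query-string parameters that look like credentials.
function credentialParamsInUrl(requestUrl) {
  const url = new URL(requestUrl, BASE);
  const hits = [];
  for (const name of url.searchParams.keys()) {
    if (SENSITIVE_PARAMS.has(name.toLowerCase()) && !hits.includes(name)) {
      hits.push(name);
    }
  }
  return hits;
}

// Replace credential values so the URL can be written to a log safely.
function redactUrl(requestUrl) {
  const url = new URL(requestUrl, BASE);
  for (const name of credentialParamsInUrl(requestUrl)) {
    url.searchParams.set(name, "REDACTED");
  }
  return url.pathname + url.search;
}

// Decide how the backend treats a login request: a credential in the URL is
// refused outright, and only the redacted form is ever handed to the logger.
function checkLoginRequest(method, requestUrl) {
  const leaked = credentialParamsInUrl(requestUrl);
  if (leaked.length > 0) {
    return { accept: false, leaked, logLine: `${method} ${redactUrl(requestUrl)}` };
  }
  return { accept: true, leaked, logLine: `${method} ${requestUrl}` };
}

// Constructed sample requests: one with the password in the URL, as seen in
// the browser console in the report, and one with no query string.
const SAMPLE_REQUESTS = [
  ["POST", "/api/login?user=alice&password=wrong-guess"],
  ["POST", "/api/login"],
];

for (const [method, target] of SAMPLE_REQUESTS) {
  const result = checkLoginRequest(method, target);
  console.log(result.accept ? "accept" : "reject", result.logLine);
}
```

The guard limits what reaches the backend's own logs; the browser history and any intermediate proxy still see the original URL, so the form itself should also stop submitting when JavaScript is off, as the report asks.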