read --silent
is storing passwords in plaintext in history
#7230
Milestone
read --silent
is storing passwords in plaintext in history
#7230
Hello guys,
it seems that fish is storing plaintext passwords when using
read --silent
to read them in. This makes password prompts a security hazard.It has already been fixed according to #6438 and #5904 (also #838, #1504) but does not seem to work as expected:
Attackers could just dump passwords from fish's history.
Systeminfo:
The text was updated successfully, but these errors were encountered: