You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What steps will reproduce the problem?
1. Attempt a git clone of a Gitblit served repository over HTTP
2. Provide an incorrect password
e.g. http://<USER>@git/git/repo.git
What is the expected output? What do you see instead?
The Gitblit logs contain an entry recording the failed authentication attempt, specifying
the userID.
If a failed login occurs to the user interface, this logs only the user ID.
If the failed login occurs to the Git HTTP interface, the password provided is logged
in plain text.
What version of the product are you using? On what operating system?
1.3.1, LDAP authentication integrated with Active Directory
Please provide any additional information below.
This problem is exacerbated if a user account has been locked by some other action
(which is surprisingly common in enterprise networks) as in that case correct passwords
will fail authentication and be logged.
Reported by ultradodge on 2013-09-27 02:53:06
The text was updated successfully, but these errors were encountered:
The log message containing the password is as follows:
<DATE> GitBlit [WARN] Failed login attempt for <USER>, invalid credentials (<USER>:<PASSWORD>)
from <ADDRESS>
Originally reported on Google Code with ID 316
Reported by
ultradodge
on 2013-09-27 02:53:06The text was updated successfully, but these errors were encountered: