What steps will reproduce the problem?

1. Attempt a git clone of a Gitblit served repository over HTTP
2. Provide an incorrect password

What is the expected output? What do you see instead?

The Gitblit logs contain an entry recording the failed authentication attempt, specifying
If a failed login occurs to the user interface, this logs only the user ID.
If the failed login occurs to the Git HTTP interface, the password provided is logged in plain text.

What version of the product are you using? On what operating system?

1.3.1, LDAP authentication integrated with Active Directory

Please provide any additional information below.

This problem is exacerbated if a user account has been locked by some other action (which is surprisingly common in enterprise networks) as in that case correct passwords will fail authentication and be logged.
Reported by ultradodge on 2013-09-27 02:53:06
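
The failure logging the report expects on the Git HTTP path (user ID only, as on the user interface), shown as an added example that is not Gitblit's code and not part of the original report. The class `BasicAuthLogging`, its methods, the verifier callback and the log messages are hypothetical, and the sample header is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.function.BiPredicate;
import java.util.logging.Logger;

// Hypothetical HTTP Basic handler (assumption: not Gitblit's actual classes).
public class BasicAuthLogging {
    private static final Logger LOG = Logger.getLogger("auth");

    /** Returns the authenticated username, or null when the request must get a 401. */
    static String authenticate(String header, String remoteAddr,
                               BiPredicate<String, String> verifier) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null; // no Basic credentials offered
        }
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            decoded = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            decoded = ""; // invalid base64: handled as malformed below
        }
        // Split on the FIRST colon only: a password may itself contain ':'.
        int sep = decoded.indexOf(':');
        if (sep < 0) {
            LOG.warning("Malformed Basic credentials from " + remoteAddr);
            return null;
        }
        String username = decoded.substring(0, sep);
        String password = decoded.substring(sep + 1);
        if (verifier.test(username, password)) {
            return username;
        }
        // Weak form, the behaviour the report describes (password in the log):
        //   LOG.warning("Failed login attempt for " + username + ", " + password);
        // Corrected form: user ID and source address only, never the password.
        LOG.warning("Failed login attempt for " + sanitize(username) + " from " + remoteAddr);
        return null;
    }

    // Replace control characters so a crafted username cannot forge log lines.
    static String sanitize(String s) { return s.replaceAll("\\p{Cntrl}", "?"); }

    public static void main(String[] args) {
        // Constructed sample: user "alice" with a wrong password that contains ':'.
        String header = "Basic " + Base64.getEncoder()
                .encodeToString("alice:wrong:pw".getBytes(StandardCharsets.UTF_8));
        String user = authenticate(header, "192.0.2.10", (u, p) -> false);
        System.out.println(user == null ? "rejected" : "accepted " + user);
    }
}
```

Because a locked account makes correct passwords fail too, as the report notes, log files written while the weak form was in place should be treated as containing live credentials.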