Details
-
Bug
-
Resolution: Fixed
-
Major
-
4.5.0
-
Security Level: Public
-
Untriaged
-
Unknown
Description
Passwords and auth info might appear in JSON and other places which are logged to stdout/stderr.
Those should be replace with "*********" or equivalent scrubbing of sensitive auth info.
The actual strings that users search for can also be considered sensitive information but need different handling so there's another ticket for that.