-
Notifications
You must be signed in to change notification settings - Fork 520
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authentication configurations expose passwords #1984
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Exceptions and their stdout might print passwords in plaintext
Repro steps
I have no repro steps, the print occured on one of our managers computer and leaked his password to me.
Expected behavior
do not print plaintext password in exception texts
Known workarounds
I suspect the complete plaintext authentication sheme is not really secure. Still, having plaintext passwords printed to screen renders paket really untrustworthy ;)
I'd suggest simply to put StructuredFormatDisplay to authenication configs.
The text was updated successfully, but these errors were encountered: