- Status Unconfirmed
- Percent Complete
- Task Type Bug Report
- Category Installer and Upgrader
- Assigned To No-one
- Operating System All
- Severity Medium
- Priority Very Low
- Reported Version 0.9.9.7
- Due in Version Undecided
- Due Date Undecided
- Votes
- Private
FS#1988 - Password Field for Admin
The installer requests a password for the admin account, and provides a default one.
Because this field is not type="password", the browser caches this data for any field named "admin_password".
This also applies to future installations of the software.
I have marked this as critical as this can pose a security hazard. A different implementation would be allowing entry of password, or in the case of wanting to provide a default one, have two password fields prepopulated, and a text one prepopulated so that it can be viewed by the end user.
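A check for the condition this report describes, as an added example (not Flyspray's own code): it scans form markup for inputs whose name suggests a password but whose type is not `password`. The sample form, the name hints, and every field name other than `admin_password` are constructed for illustration.

```python
from html.parser import HTMLParser

# Assumption: field names containing one of these substrings hold a secret.
SECRET_HINTS = ("password", "passwd", "pwd")

# Constructed sample markup, not the real installer template.
SAMPLE_INSTALLER_FORM = """
<form method="post" action="index.php">
  <input type="text" name="admin_username" value="admin">
  <input type="text" name="admin_password" value="ChangeMe123">
  <input name="db_password">
  <input type="password" name="admin_password_confirm" />
</form>
"""


class PasswordFieldAudit(HTMLParser):
    """Collects password-like <input> elements that are not type="password"."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        attr = {key: (value or "") for key, value in attrs}
        name = attr.get("name", "")
        if not any(hint in name.lower() for hint in SECRET_HINTS):
            return
        # An <input> with no type attribute is rendered as a plain text field.
        field_type = attr.get("type", "").strip().lower() or "text"
        if field_type != "password":
            has_default = bool(attr.get("value"))
            self.findings.append((name, field_type, has_default))


def audit_form(html):
    """Return (name, type, has_default_value) for each unmasked password-like input."""
    parser = PasswordFieldAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for name, field_type, has_default in audit_form(SAMPLE_INSTALLER_FORM):
        note = " (prefilled default value)" if has_default else ""
        print(f"{name}: type={field_type}, expected type=password{note}")
```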
My bad for not seeing the security procedure linked on the page.
Made a pull request on GitHub, please take a look if that solves your consideration.
Made it a password input field that can be switched by js to view the password. Does this help in your case?
In which browser and under which concrete circumstances (crossdomain?) is it a problem?
In Firefox 38.0 Update history (2015-05-12):
Changed autocomplete=off is no longer supported for username/password fields
https://bugzilla.mozilla.org/show_bug.cgi?id=1025703