Dangerous BUG

jansalex · **Joined:** Tue Jun 22, 2010 8:37 pm **Posts:** 152

Hi all,

in the customer panel if you left empty the user field, the system returns a window showing the password :

You must enter an user and a password!***REALPASSWORD"

bucasia · **Joined:** Mon Mar 02, 2009 8:56 pm **Posts:** 271

What version is this on?

jansalex · **Joined:** Tue Jun 22, 2010 8:37 pm **Posts:** 152

1.9.4

bucasia · **Joined:** Mon Mar 02, 2009 8:56 pm **Posts:** 271

Confirmed. I see it in 1.9.2 also.

If you leave the username blank, but enter a password, the password is echoed back to the screen in plain text in the popup box.

vulcan · **Joined:** Mon Jan 08, 2007 6:56 pm **Posts:** 345

It echoes back what was typed, not something from the database, unusual though.

jhdci · **Joined:** Tue Mar 06, 2012 8:47 pm **Posts:** 1

Change /customer/templates/default/index.tpl line 25 from

Code:

         alert("You must enter an user and a password!" + document.form.pr_password.value);

to

Code:

alert("You must enter an user and a password!");

provided by Star2Billing S.L.

Dangerous BUG

Who is online