Uploaded image for project: 'Compass '
  1. Compass
  2. COMPASS-4089

Compass Password should not be displayed in Clear Text in the connection string

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical - P2 Critical - P2
    • 1.21.0
    • None
    • Compass
    • None
    • Iteration Vicuña, Iteration Wombat

    Description

      Security issue

      If Compass is open and user clicks on a connection Favorite, any password embedded in the connection string is displayed in Clear Text.  The password can be stolen or if the computer display is projected or shared.

      Even with the use of LDAP authentication, the password is displayed in clear text defeating high security compliance policies.

       

      Attachments

        Activity

          People

            alena.khineika@mongodb.com Alena Khineika
            felicia.hsieh@mongodb.com Felicia Hsieh
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: