[COMPASS-4089] Compass Password should not be displayed in Clear Text in the connection string Created: 14/Jan/20 Updated: 29/Oct/23 Resolved: 11/Feb/20 |
|
| Status: | Closed |
| Project: | Compass |
| Component/s: | Compass |
| Affects Version/s: | None |
| Fix Version/s: | 1.21.0 |
| Type: | Bug | Priority: | Critical - P2 |
| Reporter: | Felicia Hsieh | Assignee: | Alena Khineika |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Sprint: | Iteration Vicuña, Iteration Wombat | ||||||||||||||||
| Description |
|
Security issue If Compass is open and user clicks on a connection Favorite, any password embedded in the connection string is displayed in Clear Text. The password can be stolen or if the computer display is projected or shared. Even with the use of LDAP authentication, the password is displayed in clear text defeating high security compliance policies.
|
| Comments |
| Comment by Githook User [ 11/Feb/20 ] |
|
Author: {'username': 'imlucas', 'name': 'Lucas Hrabovsky', 'email': 'hrabovsky.lucas@gmail.com'}Message: Merge branch 'master' into |