[COMPASS-4089] Compass Password should not be displayed in Clear Text in the connection string Created: 14/Jan/20  Updated: 29/Oct/23  Resolved: 11/Feb/20

Status: Closed
Project: Compass
Component/s: Compass
Affects Version/s: None
Fix Version/s: 1.21.0

Type: Bug Priority: Critical - P2
Reporter: Felicia Hsieh Assignee: Alena Khineika
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
is duplicated by COMPASS-4167 Paste Connection String showing passw... Closed
Related
is related to COMPASS-4090 Set Default Connection Screen to the ... Closed
Sprint: Iteration Vicuña, Iteration Wombat

 Description   

Security issue

If Compass is open and user clicks on a connection Favorite, any password embedded in the connection string is displayed in Clear Text.  The password can be stolen or if the computer display is projected or shared.

Even with the use of LDAP authentication, the password is displayed in clear text defeating high security compliance policies.

 



 Comments   
Comment by Githook User [ 11/Feb/20 ]

Author:

{'username': 'imlucas', 'name': 'Lucas Hrabovsky', 'email': 'hrabovsky.lucas@gmail.com'}

Message: Merge branch 'master' into COMPASS-4089-hide-password-in-uri
Branch: COMPASS-4089-hide-password-in-uri
https://github.com/mongodb-js/compass/commit/6a4bafb46bbef10de000442624cb2568f9477634

Generated at Wed Feb 07 22:35:13 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.