author | Florian Zschocke <f.zschocke+git@gmail.com> | 2025-06-14 14:05:54 +0200 |
---|---|---|
committer | Florian Zschocke <f.zschocke+git@gmail.com> | 2025-06-14 14:05:54 +0200 |
commit | b51ee41b3d4c1f530e8d1a8850751251fa95b207 (patch) | |
tree | 88e996c45038a57ff9f0f9eb9b205eac22a8f5e8 /src/test/java/com/gitblit/instance | |
parent | bd2e85e6ef1194033a2b25637f6c4769c7f82732 (diff) | |
download | gitblit-b51ee41b3d4c1f530e8d1a8850751251fa95b207.tar.gz gitblit-b51ee41b3d4c1f530e8d1a8850751251fa95b207.zip |

fix: Fix exposing password hashes in user edit page

When an administrator edits a user entry, the user's password hash is
present on the edit page. This is unnecessary. But it exposes the hash
to an administrator who could choose to try to brute-force the hash and
use the password on other logins of that user.

This is an issue for administrative users who have no access to the
actual database on disk but access to the user edit web page.

Diffstat (limited to 'src/test/java/com/gitblit/instance')
0 files changed, 0 insertions, 0 deletions