
Password can be read after logout

Open Geisterli opened this issue 3 years ago • 2 comments

  • Passbolt Version: 3.5.0
  • Platform and Target:
      • Operating system: Ubuntu 20.4
      • Passbolt Docker image version: 3.5.0-ce

What you did

  • Open the detail view of a secret.
  • Click on the eye in the detail view to display the password.
  • If asked for the Passbolt credentials, enter them.
  • Wait a while longer until the automatic logout of the website.
  • The password previously viewed is still readable. [Screenshot: Passbolt_blacked] (I have blacked out some information that is not relevant to this issue.)

What you expected to happen

I expect no passwords to be displayed after the automatic logout.

Geisterli, Mar 11 '22 08:03

Hi @ChristianKippingKv-rlp and thanks for reporting this issue 👍

We created an internal ticket under reference PB-14173 to handle this. We will keep you posted as soon as the fix is published.

With best regards,

AnatomicJC, Mar 11 '22 08:03

You'll also encrypt or drop it after that ticker, right? Not just change the UI? Not that one can change in-memory stuff and it'll get visible or just read out :P

ScarlettRain, Mar 23 '24 10:03