
apps.ldap.utils.create_new_user leaks private info

Open robertquitt opened this issue 4 years ago • 1 comments

In debug emails sent to root@, user passwords are revealed from the debug info in apps.ldap.utils.create_new_user. The fix is to use the sensitive_variables decorator.

https://docs.djangoproject.com/en/2.2/howto/error-reporting/#django.views.decorators.debug.sensitive_variables

https://github.com/CSUA/csua-backend/blob/f8096fb989b9e4761eafded56d3b6c4e5dd0b2a6/apps/ldap/utils.py#L82

robertquitt, Aug 25 '20 20:08