Password can be read after logout #422

Geisterli · 2022-03-11T08:33:16Z

Password can be read after logout

Passbolt Version: 3.5.0
Platform and Target:
-- Operating system: Ubuntu 20.4
-- Passbolt Docker image version: 3.5.0-ce

What you did

Open the detail view of a secret.
Click on the eye in the detail view to display the password.
If asked for the Passbolt credentials, enter them.
Wait a longer while until the automatic logout of the website.
The password previously viewed is still readable.

(I have blacked out some information that is not relevant to this issue.)

What you expected to happen

I expect no passwords to be displayed after the automatic logout.

AnatomicJC · 2022-03-11T08:59:36Z

Hi @ChristianKippingKv-rlp and thanks for reporting this issue 👍

We created an internal ticket under reference PB-14173 to handle this. We will keep you posted as soon as the fix will be published.

With best regards,

ScarlettRain · 2024-03-23T10:13:59Z

You'll also encrypt or drop it after that ticker right? not just change the ui? not that one can change in memory stuff and it'll get visibel or just read out :P

AnatomicJC added the bug label Mar 11, 2022

cedricalfonsi self-assigned this Mar 11, 2022

cedricalfonsi added the groomed label Nov 29, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Password can be read after logout #422

Password can be read after logout #422

Geisterli commented Mar 11, 2022 •

edited

AnatomicJC commented Mar 11, 2022

ScarlettRain commented Mar 23, 2024 •

edited

Password can be read after logout #422

Password can be read after logout #422

Comments

Geisterli commented Mar 11, 2022 • edited