Univention Bugzilla – Bug 49309
Opening random computer in UCS shows error dialog with my password
Last modified: 2019-05-29 16:45:09 CEST
Created attachment 9976 [details] Message displayed in clear text It happened second time and second time while colleagues looking over my shoulder. Both embarrassing and now they know my password pattern. When it happens: when I go to Univention management centre web UI. I go to Computers, open a certain computer and the attached message shows up. It does not happen again if I go to same computer or different computer. First time happened yesterday. Second time today. Message: The following empty properties were set to default values in the form. These values will be applied when saving. [Advanced settings] - Account - Password: ********* I grepped logs for my password - no results. Any useful logs I can show here?
Created attachment 9977 [details] Message displays password in clear text
Comment on attachment 9976 [details] Message displayed in clear text delete this attachment please, sensitive info
Thank you for submitting the bug report. Can you please give your UCS version including the errata version? What browser and which browser version are you using? Did you save your login password in the browser? I think it is a duplicate of Bug #46198, which is fixed in UCS 4.4.
Please delete Attachment #9976 [details] UCS version 4.3-3 errata4101 Browser: Firefox 66.0.3 (64-bit) OS: Linux Ubuntu 18.04.2 LTS
CORRECTION UCS version 4.3-3 errata410
I can confirm it does not happen in Chrome browser 73.0.3683.103 64Bit
Update: It appears problem is only with Firefox, and happens if you save your password in Firefox for UCS ("Remember Password" button). I have removed all my passwords from Firefox saved logins. It is probably JavaScript code which takes saved logins and uses password to auto fill in forms? Except Chrome browser does not allow it, Firefox does.
I will add this bug to our priorization to decide if we backport a fix for UCS 4.3. It's fixed in UCS 4.4 already.
Thanks, I will be upgrading at some point. For now it is fixed with workaround of removing passwords from Firefox.
This is fixed with UCS 4.4, most of our users have already upgraded. As a workaround exists no backport is needed IMHO.