Obfuscated password values in WebUI shows if a password contains certain characters #13270

Closed
kafeinnet opened this issue Nov 24, 2021 · 2 comments · Fixed by #15025
Labels: bug, ui

Comments

@kafeinnet
Describe the bug

When a secret value contains some accentuated characters (é, à, è, ...), the obfuscated value in the WebUI shows where those characters are.

To Reproduce

  1. Store some accentuated characters in a secret value, like é or à
  2. Look at the obfuscated value

Expected behavior

No hints about the stored value should be displayed (imho, not even the length of the password).

Environment:

Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    5
Threshold       3
Version         1.8.4
Storage Type    consul
Cluster Name    xxx
Cluster ID      xxx
HA Enabled      true
HA Cluster      https://xx.xx.xx.xx:8201
HA Mode         active
Active Since    2021-10-21T08:27:17.605793713Z

@heatherezell added the ui and bug labels Nov 29, 2021

@evsasha
evsasha commented Dec 14, 2021

I confirm. Obfuscation works correctly on versions 1.6.7, 1.7.7 but does not work in 1.9.1 and 1.8.6

@arnav28
Contributor

arnav28 commented Dec 17, 2021

Thanks @evsasha for pointing it out. We have taken both the changes (font discrepancy and length of obfuscated values) into consideration and will hopefully be pushing a fix as soon as it's prioritized. 👍
