User Password is shared in Java error message

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Medium
    • None
    • Affects Version/s: 2.6.0
    • Component/s: None

      A customer has reported that:

      his password was displayed in plain text in the error logs displayed on his screen. Screen also indicated he should copy and send said error to Admin and/or Atlassian.
      This is horrendous security and needs to be changed.

      snippet of the error message displayed on screen:

      Cause:
      javax.servlet.ServletException: Filter execution threw an exception
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
      caused by: java.lang.OutOfMemoryError: PermGen space
      at Unknown location
      
      [snip]
      
      Parameters:
      
          * os_destination = /homepage.action
          * os_password = <MY PASSWORD IN PLAIN TEXT WAS HERE>
          * login = Log In
          * os_username = <username goes here>
      
      Confluence User:
      
          * anonymous
      
      Logging:
      0 log statements generated by this request.
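
The error page above echoes every request parameter, including `os_password`, back to the user with an instruction to forward it. The following is an added example, not Atlassian's code and not part of the original report, showing one way to mask credential-like parameters before an error report is rendered; the class name `ErrorReportSanitizer`, the deny-list contents and the sample values are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

/** Masks credential-like request parameters before an error page renders them. */
public class ErrorReportSanitizer {
    // Hypothetical deny-list; os_password is the parameter named in the report above.
    private static final Set<String> SENSITIVE_MARKERS =
            Set.of("password", "passwd", "pwd", "secret", "token");
    static final String MASK = "********";

    /** True when the parameter name contains any deny-listed marker (case-insensitive). */
    static boolean isSensitive(String name) {
        String lower = name.toLowerCase(Locale.ROOT);
        return SENSITIVE_MARKERS.stream().anyMatch(lower::contains);
    }

    /** Accepts the shape of ServletRequest.getParameterMap() and returns a printable copy. */
    static Map<String, String> sanitize(Map<String, String[]> params) {
        Map<String, String> out = new LinkedHashMap<>();
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            String value = isSensitive(e.getKey())
                    ? MASK  // fixed-length mask, so the password length is not revealed either
                    : String.join(", ", e.getValue());
            out.put(e.getKey(), value);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample mirroring the parameters listed on the error page.
        Map<String, String[]> params = new LinkedHashMap<>();
        params.put("os_destination", new String[] {"/homepage.action"});
        params.put("os_password", new String[] {"constructed-sample-value"});
        params.put("login", new String[] {"Log In"});
        params.put("os_username", new String[] {"constructed-user"});
        sanitize(params).forEach((k, v) -> System.out.println("* " + k + " = " + v));
    }
}
```

Applying the mask where the report is assembled, rather than in the page template, also keeps the value out of any log or support bundle built from the same data.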
      

              Assignee:
              Unassigned
              Reporter:
              Kevin Tran [Atlassian]
              Votes:
              0
              Watchers:
              0

                Created:
                Updated:
                Resolved: