Uploaded image for project: 'Sourcetree for Windows'
  1. Sourcetree for Windows
  2. SRCTREEWIN-8188

Repo password on display for the world to see.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Resolved Locally
    • Icon: Highest Highest
    • None
    • 2.3.5.0
    • Git

    • Windows 10 Pro v.1607, Standalone version, JDK 1.8.0_151

    • Severity 2 - Major

      I just noticed that my machine user name and password are on display above the commit dialog. Since this job site uses single sign on for everything, that's my username and password for the entire system here.

      I have three different repos loaded in Sourcetree. Because of single sign on, that is also my user name and password for the one of the repos. The other two are hosted on Github and use an SSH key. However, switching between repos doesn't affect the display of my user credentials.

      I don't remember seeing this before. The only thing I can think of that might have changed something is my password is about to auto-expire on the system. Yesterday I set a new password. Today I started up Sourcetree for the first time after setting a new password and had to re-enter my credentials for the company repo.

        1. credentials.png
          credentials.png
          8 kB
        2. sourcetree.png
          sourcetree.png
          43 kB
        3. sourcetree2.png
          sourcetree2.png
          24 kB

            [SRCTREEWIN-8188] Repo password on display for the world to see.

            Sean Hammon added a comment -

            You can close this. I think I finally have some idea of what happened. I'm blaming it on IT installing a script on my machine that silently changed $HOME out from under me.

            Sean Hammon added a comment - You can close this. I think I finally have some idea of what happened. I'm blaming it on IT installing a script on my machine that silently changed $HOME out from under me.

            Sean Hammon added a comment -

            So I uploaded a couple more images and then went and looked at my .gitconfig file. It does appear that my .gitconfig was altered. It has to be related to being required to change my password. I've been committing to that repo for months. It's not like the information was missing. There was no need to change the information in .gitconfig.

            I can't even begin to guess how that happened or if it was SourceTree or Git that did it. And all this time I thought it was just a display quirk when in reality Git has been logging my password with every commit. That's just great.

            Sean Hammon added a comment - So I uploaded a couple more images and then went and looked at my .gitconfig file. It does appear that my .gitconfig was altered. It has to be related to being required to change my password. I've been committing to that repo for months. It's not like the information was missing. There was no need to change the information in .gitconfig. I can't even begin to guess how that happened or if it was SourceTree or Git that did it. And all this time I thought it was just a display quirk when in reality Git has been logging my password with every commit. That's just great.

            minnsey added a comment -

            Hi sean56

            Sourcetree will just display information found either in Tools/Options/General tab from you Git/Hg config.

            minnsey added a comment - Hi sean56 Sourcetree will just display information found either in Tools/Options/General tab from you Git/Hg config.

            FNU added a comment -

            sean56 can you help me with some POC steps please? I am not able to locate where i should be seeing the creds for my instance.

            FNU added a comment - sean56 can you help me with some POC steps please? I am not able to locate where i should be seeing the creds for my instance.

              Unassigned Unassigned
              1c16e56e9df1 Sean Hammon
              Affected customers:
              0 This affects my team
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: