Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

osTicket v1.10 (stable) and Maintenance Release v1.9.15 are now available! Go get it now

System logs displays user passwords

Hi,

We're on v1.9.2

Logged into SCP -> Admin Panel -> System Logs

When looking through logs, for example, "Excessive login attempts (user)" Log Type: Error

We're currently able to view user passwords in plain text. Is there a setting to disable their passwords from being visible in the System Logs or at least a way to encrypt them? We don't want Admins (or anyone) being able to see any user passwords.

Thanks!

Comments

  • There was a similar issue I reported some time ago to the devs and if I remember right it was fixed in 1.9.0 or 1.9.1. But maybe it was only half fixed?!

    @ntozier can you point this thread out to the devs so that they can revisit this security issue/confirm it was fully fixed? Thanks.
  • Done.

    Although I just tested this and I'm not able to replicate the report.
Sign In or Register to comment.