[GH-ISSUE #442] Password visible during password reset on web interface #167

New issue

Closed

opened 2026-02-27 08:15:38 +03:00 by kerem · 4 comments

kerem commented 2026-02-27 08:15:38 +03:00

Owner

Copy link

Originally created by @DarkSpir on GitHub (Feb 12, 2023).
Original GitHub issue: https://github.com/lldap/lldap/issues/442

I log into lldap via its webinterface on port 17170, click on the user logo on the top right, and select "Profile". Then I click the button "Change Password".

The first input form "Current password" is type="text", the second and third input forms "New password" and "Confirm password" are type="password". Thus the new passwords are hidden behind whatever char the OS uses for obfuscating password input boxes but the old password is visible in plain text. Not sure if that was desired behavior.

Originally created by @DarkSpir on GitHub (Feb 12, 2023). Original GitHub issue: https://github.com/lldap/lldap/issues/442 I log into lldap via its webinterface on port 17170, click on the user logo on the top right, and select "Profile". Then I click the button "Change Password". The first input form "Current password" is type="text", the second and third input forms "New password" and "Confirm password" are type="password". Thus the new passwords are hidden behind whatever char the OS uses for obfuscating password input boxes but the old password is visible in plain text. Not sure if that was desired behavior.

kerem closed this issue 2026-02-27 08:15:39 +03:00

kerem commented 2026-02-27 08:15:39 +03:00

Author

Owner

Copy link

@DarkSpir commented on GitHub (Feb 12, 2023):

I have no experience with programing in Rust but if I have to guess I'd say on /app/src/components/change_password.rs between line 248 and 249 a input_type="password" is missing. If that is not the desired behavior.

<!-- gh-comment-id:1427078137 --> @DarkSpir commented on GitHub (Feb 12, 2023): I have no experience with programing in Rust but if I have to guess I'd say on /app/src/components/change_password.rs between line 248 and 249 a input_type="password" is missing. If that is not the desired behavior.

kerem commented 2026-02-27 08:15:39 +03:00

Author

Owner

Copy link

@nitnelave commented on GitHub (Feb 12, 2023):

It sounds like you found the spot! Would you like to do a PR?

<!-- gh-comment-id:1427088672 --> @nitnelave commented on GitHub (Feb 12, 2023): It sounds like you found the spot! Would you like to do a PR?

kerem commented 2026-02-27 08:15:39 +03:00

Author

Owner

Copy link

@DarkSpir commented on GitHub (Feb 12, 2023):

Created PR #443

<!-- gh-comment-id:1427117649 --> @DarkSpir commented on GitHub (Feb 12, 2023): Created PR #443

kerem commented 2026-02-27 08:15:39 +03:00

Author

Owner

Copy link

@DarkSpir commented on GitHub (Feb 13, 2023):

Wow I think this was the first time I created a PR to actually change code of something that has not been written by myself. Thanks!

<!-- gh-comment-id:1427397796 --> @DarkSpir commented on GitHub (Feb 13, 2023): Wow I think this was the first time I created a PR to actually change code of something that has not been written by myself. Thanks!

kerem referenced this issue 2026-02-27 08:18:05 +03:00

[PR #167] [MERGED] app: Implement login refresh #587

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dependabot/github_actions/codecov/codecov-action-6

copilot/fix-equality-filters-list-attributes

dependabot/github_actions/docker/build-push-action-7

dependabot/github_actions/docker/metadata-action-6

dependabot/github_actions/docker/setup-buildx-action-4

dependabot/github_actions/docker/login-action-4

copilot/update-download-artifact-action

copilot/fix-opensuse-warnings

copilot/fix-1268

copilot/fix-727

copilot/fix-898

copilot/fix-1256

copilot/fix-1251

copilot/fix-1249

copilot/fix-1206

user-attribute-form

user-ui

group-ui

server-user-attribute-schema

crates

haveibeenpwned

v0.6.2

v0.6.1

v0.6.0

v0.5.0

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.0

v0.2.0

v0.0.1

Labels

Clear labels   

backend

  

blocked

  

bug

  

cleanup

  

dependencies

  

docker

  

documentation

  

duplicate

  

enhancement

  

enhancement

  

frontend

  

github_actions

  

good first issue

  

help wanted

  

help wanted

  

integration

  

invalid

  

ldap

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

rust

  

rust

  

tests

  

wontfix

No labels

backend

blocked

bug

cleanup

dependencies

docker

documentation

duplicate

enhancement

enhancement

frontend

github_actions

good first issue

help wanted

help wanted

integration

invalid

ldap

pull-request

question

rust

rust

tests

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/lldap-lldap#167

No description provided.