SS-2018-013: Passwords sent back to browsers under some circumstances
- Low (?)
- Versions Affected:
- silverstripe/framework:^3.5, silverstripe/framework:^4.0.3, silverstripe/framework:^4.1.0
- Versions Fixed:
- silverstripe/framework:3.7.0, silverstripe/framework:4.0.4, silverstripe/framework:4.1.1
- Release Date:
Under some circumstances a form may populate a PasswordField with submitted data, reflecting submitted data back to a user. The user will only see their own submissions for password data, which is not considered best practice. We are not aware of data leaks to other users, devices or sessions.
Reported by Logan Woods at Aura Information Security.