Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-16108

Enrollment key in course settings uses password field but Moodle then doesn't treat it with the care a password deserves

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • 1.8.7, 1.9.3
    • 1.8, 1.9
    • Course
    • None
    • MOODLE_18_STABLE, MOODLE_19_STABLE
    • MOODLE_18_STABLE, MOODLE_19_STABLE

      This is the problem as we saw it....

      1. Firefox "accidentally" filled in the enrolment key field with some personal information. The teacher didn't know because it just filled with stars
      2. They saved it
      3. Another teacher came along and hit 'unmask' and their personal information was revealed

      Some thoughts...

      • If this really is a password then it must be saved as a hash and should not be recoverable
      • The form could have "autocomplete=off" added to suppress browser filling in the field

            skodak Petr Skoda
            howardsmiller Howard Miller
            Tim Hunt Tim Hunt
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.