Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-77411

Adding a group could expose password of a user

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Minor Minor
    • None
    • 3.9.19, 3.11.12, 4.0.6, 4.1.1, 4.2
    • Groups

      When using your browsers password vault, the form to add a group could unintentionally reveal your password to other users with trainer (and higher) permissions as the enrollment password is automatically filled with the users password.

      Steps to reproduce:

      1. Save your credentials to the browsers password vault
      2. Create a course
      3. Go to "Participants" -> "Groups" -> "Create group"
      4. Confirm your password is auto-filled in the enrolment key field

      If a user forgets to clean the input field the password is stored and visible for all other trainers.

      Thanks to TRMSC for the hint (https://bildung.social/@trmsc/109931172874316310)!

            stefan.hanauska Stefan Hanauska
            stefan.hanauska Stefan Hanauska
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.