-
Type:
Bug
-
Status: Closed
-
Resolution: Duplicate
-
Affects Version/s: 6.1.1 CE GA2
-
Fix Version/s: 6.1.30 EE GA3, 6.2.0 CE GA1
-
Component/s: Mail, Security Vulnerability, ~ [Archived] Collaboration
-
Labels:
If you see the liferay logs I will be attaching after the ticket creation, at line number 3206 an error message is received saying:
ERROR [liferay/mail_synchronizer-7][ParallelDestination:117] Unable to process message {destinationName=liferay/mail_synchronizer, response=null, responseDestinationName=null, responseId=null, payload=null, values={principalPassword=[B@4e1dc9c4d106b29303767527fc11214f1b325fb6, messagesPerPage=0, principalName=10196, accountId=756540, userId=10196, command=synchronize, pageNumber=0, companyId=10154, messageId=0, password=p@ssw2rd, folderId=0}}
You can observer an entry as password=p@ssw2rd. The password here is not encrypted and is shown in plain text. Is this an intended behavior ?
As per my understanding the password should never be exposed in plain text format.
This issue relates LPP-11815.
Thanks,
Namit
- duplicates
-
LPS-31443 Filtering passwords from Message values is not case in-sensitive
- Closed