URL:
<http://savannah.gnu.org/bugs/?45825>
Summary: password's exposed during encoding conversion
Project: GNU Wget
Submitted by: None
Submitted on: Tue 25 Aug 2015 05:59:16 PM UTC
Category: User Interface
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release: 1.16
Operating System: None
Reproducibility: Every Time
Fixed Release: None
Planned Release: None
Regression: None
Work Required: None
Patch Included: None
_______________________________________________________
Details:
$ read -s p
baz
$ wget https://bar:$p@foo/…
converted 'https://bar:baz@foo/…' (ANSI_X3.4-1968) ->
'https://bar:baz@foo/…' (UTF-8)
--2015-08-25 20:49:48-- https://bar:*password*@foo/…
...
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?45825>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
