https://bugzilla.wikimedia.org/show_bug.cgi?id=38909
Web browser: --- Bug #: 38909 Summary: Typo shows Username in log Product: MediaWiki Version: 1.18.1 Platform: All OS/Version: All Status: UNCONFIRMED Severity: normal Priority: Unprioritized Component: Logging AssignedTo: wikibugs-l@lists.wikimedia.org ReportedBy: carcha...@arcor.de Classification: Unclassified Mobile Platform: --- Currently MW shows userenames that are not present in the log. That could leak passwords to the log if the user did not safely hit the "tab" or klicks within the password field on login. In my wikilog I found an entry similar to this: 13:16, 28 June 2012 WikiSysop (Talk | contribs | block) Fehler beim Login (Der Benutzername „AnyusernameAnypassword“ ist nicht vorhanden. Bitte überprüfen Sie die Schreibweise.) IMHO it would be more safe to reflect something like: A User with IP xxx.xxx.xxx.xxx entered an unknown username. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l