Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Leaking secret through Password validation message
See original GitHub issueToday I realized that when you use Password question and supply invalid value, the entered value is prompted in plaintext in the error message.
I believe that this should not be the correct behavior as it could resolve in accidental leaking the secret to the surrounding (in a sense, somebody watching over my shoulder).
I would inspire regarding how to approach this from well-established utilities like sudo, which does not even print any chars to prevent from leaking the length of the secret.
I could do PR to fix this.
Issue Analytics
- State:
- Created 5 years ago
- Comments:6 (2 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
not printing any character is a bad idea, because some users think that they wrote nothing. But Inquirer is here to try to think in any option, so setting an empty character should be allowed.
I will take a look on this issue.
Thank you for reporting!
Fixed with #53.