MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

fix: Leaking of hashed passwords in the audit logs fixed 

- Scope was limited due to the audit log access restrictions to site/org admins
pull/2697/head
iglocska 2017-11-24 11:55:16 +01:00
parent 8794af9118
commit 7d5890b2fc
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Controller/UsersController.php
View File

@ -644,7 +644,7 @@ class UsersController extends AppController {
$c = 0;
foreach ($fields as $field) {
if (isset($fieldsOldValues[$c]) && $fieldsOldValues[$c] != $fieldsNewValues[$c]) {
if ($field != 'confirm_password') {
if ($field != 'confirm_password' && $field != 'enable_password') {
$fieldsResultStr = $fieldsResultStr . ', ' . $field . ' (' . $fieldsOldValues[$c] . ') => (' . $fieldsNewValues[$c] . ')';
}
}