Tasmota: Self-compiled FW with MQTT Password will expose in HTML in plain text

Created on 24 Dec 2018  路  2Comments  路  Source: arendst/Tasmota

If i delete the password hidden mark in MQTT password field it will expose the self-compile MQTT password in plain text and even you can read it in HTML source as in my screenshot.

_Also, make sure these boxes are checked [x] before submitting your issue - Thank you!_

  • [x] _Searched the problem in issues and in the wiki_
  • [x] _Hardware used_ : Sonoff SV
  • [x] _Development/Compiler/Upload tools used_ : VSC + PlatformIO
  • [x] _If a pre-compiled release or development binary was used, which one?_ : Tasmota 6.4.0.3 core 2.4.2
  • [x] _You have tried latest release or development binaries?_ :

To Reproduce
Self-compile the fw with mqtt password.

  • try to delete the password back dot on web ui.
  • View it in HTML source code

Expected behavior

  • It should be hidden.

Screenshots
pw-expose

pw-expose-2

bug fixed security
Source
picture wongnam

Most helpful comment

Fixed by Theo

Thank you very much for reporting :+1:

picture ascillato2 on 24 Dec 2018
🎉1 👍1

All 2 comments

@wongnam Thanks for reporting :)

andrethomas picture andrethomas on 24 Dec 2018

Fixed by Theo

Thank you very much for reporting :+1:

ascillato2 picture ascillato2 on 24 Dec 2018
🎉1 👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

abzman picture abzman  路  3Comments
ximonline picture ximonline  路  3Comments
garret picture garret  路  3Comments
Joeyhza picture Joeyhza  路  3Comments
grizewald picture grizewald  路  3Comments