Bug ID 1078525: Incorrect syntax in login payload shows plaintext password in the response.

Last Modified: Jun 28, 2022

Bug Tracker

Affected Product:  See more info
BIG-IQ Platform(all modules)

Opened: Feb 04, 2022
Severity: 3-Major

Symptoms

Using the wrong syntax in the login request payload reflects the whole request payload in the response, which may contain the original password from the request in clear text.

Impact

Request Password is shown in cleartext

Conditions

Using "loginReference" instead of "loginProviderName" in the login request

Workaround

None

Fix Information

None

Behavior Change