From 0f7cbb3f2a356fcf25a57627511b835af05d4574 Mon Sep 17 00:00:00 2001
From: Frew777 <96523750+Frew777@users.noreply.github.com>
Date: Fri, 9 Jan 2026 04:05:30 +0300
Subject: [PATCH] Fix plaintext password logging in failed login attempts

This PR fixes security issue #3644 by masking passwords in logs and Telegram notifications. Passwords are no longer stored or transmitted in plaintext, reducing the risk of credential leakage.

Fixes #3644
---
 web/controller/index.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/controller/index.go b/web/controller/index.go
index 5f9e1c2c..df3bd1e6 100644
--- a/web/controller/index.go
+++ b/web/controller/index.go
@@ -77,8 +77,8 @@ func (a *IndexController) login(c *gin.Context) {
 	safePass := template.HTMLEscapeString(form.Password)
 	if user == nil {
-		logger.Warningf("wrong username: \"%s\", password: \"%s\", IP: \"%s\"", safeUser, safePass, getRemoteIp(c))
-		a.tgbot.UserLoginNotify(safeUser, safePass, getRemoteIp(c), timeStr, 0)
+		logger.Warningf("wrong username: \"%s\", password: \"****\", IP: \"%s\"", safeUser, getRemoteIp(c))
+		a.tgbot.UserLoginNotify(safeUser, "****", getRemoteIp(c), timeStr, 0)
 		pureJsonMsg(c, http.StatusOK, false, I18nWeb(c, "pages.login.toasts.wrongUsernameOrPassword"))
 		return
 	}
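Review bot: The mask `"****"` is duplicated as a bare literal on both added lines, and `safePass` — computed from `form.Password` on the first context line — is no longer read in this branch; if it has no other use in `login` (the function starts and ends outside the hunk), that declaration should go too, since escaping the password for output is exactly what this change stops doing. Hoisting the mask to a package-level `const passwordMask = "****"` and passing `passwordMask` in both the `logger.Warningf` call and the `a.tgbot.UserLoginNotify` call keeps the log and the Telegram notification in sync. The commit description says passwords are no longer logged anywhere, but only the `user == nil` branch is visible here, so any sibling branch that reports a wrong password for a known user would need the same treatment. The attempted username is still logged verbatim, and users routinely type their password into the username field, so treating that value as sensitive as well (for example, logging only its length) would close the remaining leak.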