Fix plaintext password logging in failed login attempts

This PR fixes security issue #3644 by masking passwords in logs and Telegram notifications.
Passwords are no longer stored or transmitted in plaintext, reducing the risk of credential leakage.

Fixes #3644
This commit is contained in:
Frew777 2026-01-09 04:05:30 +03:00 committed by GitHub
parent 7b0a3929ff
commit 0f7cbb3f2a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -77,8 +77,8 @@ func (a *IndexController) login(c *gin.Context) {
safePass := template.HTMLEscapeString(form.Password)
if user == nil {
logger.Warningf("wrong username: \"%s\", password: \"%s\", IP: \"%s\"", safeUser, safePass, getRemoteIp(c))
a.tgbot.UserLoginNotify(safeUser, safePass, getRemoteIp(c), timeStr, 0)
logger.Warningf("wrong username: \"%s\", password: \"****\", IP: \"%s\"", safeUser, getRemoteIp(c))
a.tgbot.UserLoginNotify(safeUser, "****", getRemoteIp(c), timeStr, 0)
pureJsonMsg(c, http.StatusOK, false, I18nWeb(c, "pages.login.toasts.wrongUsernameOrPassword"))
return
}
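Review bot: The username on the new log line is only HTML-escaped, and `template.HTMLEscapeString` leaves CR/LF and other control characters untouched, so a crafted username can still forge extra lines in the very log this commit is cleaning up; quoting it for the log sink closes that, e.g. `logger.Warningf("wrong username: %q, password: \"****\", IP: %q", form.Username, getRemoteIp(c))`. The escaped copy `safePass` on the context line above is still derived from the plaintext, so the description's claim that passwords are no longer stored holds only for these two sinks; if `safePass` is still referenced later in login (it presumably is, since Go rejects an unused local), that use deserves the same audit. The `"****"` literal now appears in both the log call and the notification call; a single `const maskedPassword = "****"` would keep the two in step. login's body continues outside the hunk.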