Open jamieb-tillo opened 2 years ago
In this method, if the $line variable does not contain a colon (e.g., is an empty string), then the call to list() will throw an Exception.
$line
list()
https://github.com/DivineOmega/password_exposed/blob/327f93ee5cab54622077bcae721412b55be16720/src/AbstractPasswordExposedChecker.php#L147
This exception is not caught by the handling in NIST or the DivineOmega packages. The stack trace of this exception will contain the submitted password in plain text.
Same problem. Thanks for the fix.
Neven21
commented
2 years ago
In this method, if the
$linevariable does not contain a colon (e.g., is an empty string), then the call tolist()will throw an Exception.https://github.com/DivineOmega/password_exposed/blob/327f93ee5cab54622077bcae721412b55be16720/src/AbstractPasswordExposedChecker.php#L147
This exception is not caught by the handling in NIST or the DivineOmega packages. The stack trace of this exception will contain the submitted password in plain text.