Password can be read after logout

[Geisterli]

Password can be read after logout

• Passbolt Version: 3.5.0
• Platform and Target: -- Operating system: Ubuntu 20.4 -- Passbolt Docker image version: 3.5.0-ce

What you did

• Open the detail view of a secret.
• Click on the eye in the detail view to display the password.
• If asked for the Passbolt credentials, enter them.
• Wait a longer while until the automatic logout of the website.
• The password previously viewed is still readable. (I have blacked out some information that is not relevant to this issue.)

What you expected to happen

I expect no passwords to be displayed after the automatic logout.

[AnatomicJC]

Hi @ChristianKippingKv-rlp and thanks for reporting this issue 👍

We created an internal ticket under reference PB-14173 to handle this. We will keep you posted as soon as the fix will be published.

With best regards,

[TreasureCove]

You'll also encrypt or drop it after that ticker right? not just change the ui? not that one can change in memory stuff and it'll get visibel or just read out :P

[cedricalfonsi]

Fixed with v4.9.0.