Geezap is an AI-powered job aggregation platform built with Laravel that unifies job listings from LinkedIn, Upwork, Indeed, and ZipRecruiter. Features include smart job matching, automated cover letter generation, and application tracking.
Description:
During the signup process on the job search website, the password entered in the password field is displayed in plain text rather than being masked or encrypted. This exposes sensitive user information to potential threats, such as shoulder surfing or unauthorized access.
Severity: High
Priority: Critical
Steps to Reproduce:
Navigate to the signup page.
Enter a password in the password field.
Observe that the password is displayed in plain text instead of being masked (e.g., as dots or asterisks).
Expected Behavior:
The password should be masked in the field by default (e.g., displayed as dots or asterisks) to prevent exposure. An optional "show/hide" toggle can be provided for user convenience, with the default state being "hidden."
Actual Behavior:
The password is visible in plain text as the user types, posing a security risk.
theihasan
commented
4 days ago
Description: During the signup process on the job search website, the password entered in the password field is displayed in plain text rather than being masked or encrypted. This exposes sensitive user information to potential threats, such as shoulder surfing or unauthorized access.
Severity: High
Priority: Critical
Steps to Reproduce:
Expected Behavior: The password should be masked in the field by default (e.g., displayed as dots or asterisks) to prevent exposure. An optional "show/hide" toggle can be provided for user convenience, with the default state being "hidden."
Actual Behavior: The password is visible in plain text as the user types, posing a security risk.