Closed nagolucky18 closed 10 months ago
Hi there @nagolucky18!
Firstly, a big thank you for raising this issue. Every piece of feedback we receive helps us to make Umbraco better.
We really appreciate your patience while we wait for our team to have a look at this but we wanted to let you know that we see this and share with you the plan for what comes next.
We wish we could work with everyone directly and assess your issue immediately but we're in the fortunate position of having lots of contributions to work with and only a few humans who are able to do it. We are making progress though and in the meantime, we will keep you in the loop and let you know when we have any questions.
Thanks, from your friendly Umbraco GitHub bot :robot: :slightly_smiling_face:
There is some reasoning on this old PR #3555 on why not to do it. In the end, the change was welcomed but never ported from v7 to v8.
Hey @mastrup thanks for the PR #h5yr!
Which Umbraco version are you using? (Please write the exact version, example: 10.1.0)
12.3.0-rc
Bug summary
Admin user password is not hidden during admin credential setup step of Umbraco installation.
Specifics
The new admin user password is not hidden during admin credential setup of Umbraco installation, which may lead to unintended sharing of administrator password and consequently, compromise of new admin account.
This is because the HTML input is of
text
type and notpassword
type in "user.html". Unless there is a specific reason that the input is oftext
type, HTMLpassword
input type should be used to ensure password is hidden when user inputs a value into the textbox.Steps to reproduce
Expected result / actual result
The new admin user password should be hidden while the user inputs values into the textbox.