Project JEDI - Issue Tracker
Mantis Bugtracker

Viewing Issue Simple Details Jump to Notes ] View Advanced ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0005122 [JEDI VCL] 00 JVCL Components tweak always 2010-01-24 01:33 2011-06-10 16:09
Reporter debose View Status public  
Assigned To obones
Priority normal Resolution fixed  
Status resolved   Product Version Daily / GIT
Summary 0005122: Security bug: JvEdit in password mode with Autohint = True allows to see password in hint
Description Steps to reproduce:
* Place TJvEdit on form
* Make it narrow
* Set PasswordChar property to "*"
* Set AutoHint property to Enabled
* Set ShowHint property to Enabled
* run application
* enter long password, that will not fit in edit
* move mouse to TJvEdit

You can see your password in hint.

Solution:
change code to bypass autohint, when in password mode.
Additional Information Demo project attached.
Tags No tags attached.
Attached Files zip file icon JvEditAutohintPassword_bug.zip [^] (6,509 bytes) 2010-01-24 01:33

- Relationships

-  Notes
(0017244)
obones (administrator)
2010-03-08 15:30

This is now fixed in SVN

- Issue History
Date Modified Username Field Change
2010-01-24 01:33 debose New Issue
2010-01-24 01:33 debose File Added: JvEditAutohintPassword_bug.zip
2010-03-08 15:30 obones Note Added: 0017244
2010-03-08 15:30 obones Assigned To => obones
2010-03-08 15:30 obones Status new => resolved
2010-03-08 15:30 obones Resolution open => fixed
2010-03-08 15:30 obones Fixed in Version => Daily / SVN
2010-03-08 15:30 obones Target Version => 3.40 - not yet released
2011-06-10 16:09 obones Fixed in Version Daily / SVN => 3.40


Mantis 1.1.6[^]
Copyright © 2000 - 2008 Mantis Group
Powered by Mantis Bugtracker