fixed security vulnerability (complete password hash is printed)

2020-03-29 10:28:05 +02:00 · 2020-03-29 10:28:05 +02:00 · 4acc130af7
commit 4acc130af7
parent a63df92f50
1 changed files with 2 additions and 2 deletions
--- a/src/main/java/envoy/data/LoginCredentials.java
+++ b/src/main/java/envoy/data/LoginCredentials.java
@ -54,8 +54,8 @@ public class LoginCredentials implements Serializable {
 	public String toString() {
 		try (Formatter form = new Formatter()) {
 			form.format("LoginCredentials[identifier=%s,passwordHash=", identifier);
-			for (byte element : passwordHash)
-				form.format("%02x", element);
+			for (int i = 0; i < 3; i++)
+				form.format("%02x", passwordHash[i]);
 			return form.format(",registration=%b]", registration).toString();
 		}
 	}