From 4acc130af72240ff7b67e86922460084d9d33285 Mon Sep 17 00:00:00 2001 From: delvh Date: Sun, 29 Mar 2020 10:28:05 +0200 Subject: [PATCH] fixed security vulnerability (complete password hash is printed) --- src/main/java/envoy/data/LoginCredentials.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/envoy/data/LoginCredentials.java b/src/main/java/envoy/data/LoginCredentials.java index 8007796..438dd15 100644 --- a/src/main/java/envoy/data/LoginCredentials.java +++ b/src/main/java/envoy/data/LoginCredentials.java @@ -54,8 +54,8 @@ public class LoginCredentials implements Serializable { public String toString() { try (Formatter form = new Formatter()) { form.format("LoginCredentials[identifier=%s,passwordHash=", identifier); - for (byte element : passwordHash) - form.format("%02x", element); + for (int i = 0; i < 3; i++) + form.format("%02x", passwordHash[i]); return form.format(",registration=%b]", registration).toString(); } }