WARNING: THIS SITE IS A MIRROR OF GITHUB.COM / IT CANNOT LOGIN OR REGISTER ACCOUNTS / THE CONTENTS ARE PROVIDED AS-IS / THIS SITE ASSUMES NO RESPONSIBILITY FOR ANY DISPLAYED CONTENT OR LINKS / IF YOU FOUND SOMETHING MAY NOT GOOD FOR EVERYONE, CONTACT ADMIN AT ilovescratch@foxmail.com
You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
User (Encrypted) Password Field Being Serialised
Low severity
GitHub Reviewed
Published
Apr 11, 2021
in
pwweb/laravel-core
•
Updated Jan 9, 2023
Leaking Password field during serialisation of the User model. Password is in the encrypted form but if User model is requested in json or array form the value is printed.
Patches
Issue has been patched in version 0.3.7-beta and onwards.
Workarounds
Add the 'password' field to the Users model file in the hidden array:
/** * The attributes that should be hidden for arrays. * * @var array */protected$hidden = [
'remember_token',
'password',
];
For more information
If you have any questions or comments about this advisory:
Impact
Leaking Password field during serialisation of the User model. Password is in the encrypted form but if User model is requested in json or array form the value is printed.
Patches
Issue has been patched in version 0.3.7-beta and onwards.
Workarounds
Add the 'password' field to the Users model file in the hidden array:
For more information
If you have any questions or comments about this advisory:
References