When I go to the 'Support' tab in the latest build of 9.3-STABLE, currently 201502271818, the 'Username' field is filled in with 'root' and the 'Password' field has dots in it. Above this is a message in red saying: "Incorrect Username or Password".
Is this page communicating with the 'bugs' server and trying out the username and password? And if it is, is it sending my root password or a hash of it? If so, this would seem to be a security risk.
Edit: I am not sure why these fields are pre-filled. 'Root' is likely to be the current user in the GUI, and if it is only a random or empty password that is sent the dots are misleading. 'Root' is quite unlikely to be the username for the web page, even with conventional capitalisation. There seems to be no way to save the relevant username and password except by submitting a bug, so a 'save username and password' button would be good; or just leave the fields blank until populated by the user?
Is this page communicating with the 'bugs' server and trying out the username and password? And if it is, is it sending my root password or a hash of it? If so, this would seem to be a security risk.
Edit: I am not sure why these fields are pre-filled. 'Root' is likely to be the current user in the GUI, and if it is only a random or empty password that is sent the dots are misleading. 'Root' is quite unlikely to be the username for the web page, even with conventional capitalisation. There seems to be no way to save the relevant username and password except by submitting a bug, so a 'save username and password' button would be good; or just leave the fields blank until populated by the user?
Last edited: