You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
User (Encrypted) Password Field Being Serialised
Low severity
GitHub Reviewed
Published
Apr 11, 2021
in
pwweb/laravel-core
•
Updated Jan 9, 2023
Leaking Password field during serialisation of the User model. Password is in the encrypted form but if User model is requested in json or array form the value is printed.
Patches
Issue has been patched in version 0.3.7-beta and onwards.
Workarounds
Add the 'password' field to the Users model file in the hidden array:
/** * The attributes that should be hidden for arrays. * * @var array */protected$hidden = [
'remember_token',
'password',
];
For more information
If you have any questions or comments about this advisory:
Impact
Leaking Password field during serialisation of the User model. Password is in the encrypted form but if User model is requested in json or array form the value is printed.
Patches
Issue has been patched in version 0.3.7-beta and onwards.
Workarounds
Add the 'password' field to the Users model file in the hidden array:
For more information
If you have any questions or comments about this advisory:
References