Potentially sensitive information leaked if an error occurs when a page is served over HTTPS
Reported by: frasern
Owned by: nobody
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
If an error occurs while processing a request, Django sends an email to those defined in settings.ADMIN. This email contains a repr of the request object, which includes GET and POST data amongst other things. If the request came in over HTTPS then potentially very sensitive information could be leaked as plain text in the email.
HTTPS is designed to secure the transmission of the data between the browser and the server. The issue here is that the contents of Django's error email are not encrypted, so as it travels from the web server to the admins' email servers it is in plain-text form, which any "man in the middle" could read.
The attached patch simply omits the request details if HTTPS was used.
I've discussed this with Jacob on the security mailing list and he's asked me to raise a ticket with this patch and assign it as a 1.0 item.
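As an added illustration (not the attached patch and not Django's own code), the following stand-alone Python sketch shows the mitigation the description proposes: when building the body of the admin error email, leave out the request repr (and with it the GET/POST data) if the request was made over HTTPS. The `FakeRequest` class, `build_error_report` and `report_leaks_secret` are constructed here; the real `HttpRequest`, the `ADMINS` setting and the mail-sending step are assumed and omitted, and the placeholder wording is an assumption, not Django's.

```python
from dataclasses import dataclass, field


@dataclass
class FakeRequest:
    """Minimal stand-in for django.http.HttpRequest (constructed for this example)."""
    method: str
    path: str
    GET: dict = field(default_factory=dict)
    POST: dict = field(default_factory=dict)
    secure: bool = False

    def is_secure(self) -> bool:
        # Django's HttpRequest.is_secure() is True for requests served over HTTPS.
        return self.secure

    def __repr__(self) -> str:
        # A real repr(HttpRequest) dumps GET and POST, which is exactly what
        # ends up in the admin email and what the ticket is worried about.
        return f"<Request {self.method} {self.path} GET={self.GET!r} POST={self.POST!r}>"


def build_error_report(exc_text: str, request) -> str:
    """Return the body of an admin error email.

    The check mirrors the ticket's mitigation (its exact form here is an
    assumption): the email travels unencrypted, so for a request that came in
    over HTTPS the request repr is withheld rather than written into the mail.
    """
    lines = ["Traceback:", exc_text, ""]
    if request is None:
        lines.append("Request data not supplied")
    elif request.is_secure():
        lines.append("Request repr() unavailable: request was made over HTTPS")
    else:
        lines.append("Request:")
        lines.append(repr(request))
    return "\n".join(lines)


def report_leaks_secret(report: str, secret: str) -> bool:
    """True if a submitted value survived into the report body."""
    return secret in report


if __name__ == "__main__":
    # Constructed sample: a login POST over HTTPS that then raised an error.
    secure_req = FakeRequest("POST", "/login/", POST={"password": "hunter2"}, secure=True)
    plain_req = FakeRequest("POST", "/login/", POST={"password": "hunter2"}, secure=False)
    print(build_error_report("ValueError: boom", secure_req))
    print(report_leaks_secret(build_error_report("ValueError: boom", secure_req), "hunter2"))  # False
    print(report_leaks_secret(build_error_report("ValueError: boom", plain_req), "hunter2"))   # True
```

The trade-off is visible in the output: the HTTPS report still carries the traceback, so the error is diagnosable, but the admins lose the request context in exchange for not mailing form data in the clear.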
Change History (12)
Changed 6 years ago by frasern
comment:1 Changed 6 years ago by Simon Greenhill
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
- Triage Stage changed from Unreviewed to Accepted