From 30f912800df7953375f489048d4ce83a942a4913 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Fri, 23 May 2014 12:55:34 -0500
Subject: [PATCH] oops: Don't log or email the clear text user+pass
---
 include/class.auth.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/class.auth.php b/include/class.auth.php
index 313e1a476..02e8eaf52 100644
--- a/include/class.auth.php
+++ b/include/class.auth.php
@@ -872,13 +872,13 @@ class UserAuthStrikeBackend extends AuthStrikeBackend {
 if($authsession['strikes']>$cfg->getClientMaxLogins()) {
 $authsession['laststrike'] = time();
 $alert='Excessive login attempts by a user.'."\n".
- 'Login: '.$username.': '.$password."\n".
+ 'Username: '.$username."\n".
 'IP: '.$_SERVER['REMOTE_ADDR']."\n".'Time:'.date('M j, Y, g:i a T')."\n\n".
 'Attempts #'.$authsession['strikes'];
 $ost->logError('Excessive login attempts (user)', $alert, ($cfg->alertONLoginError()));
 return new AccessDenied('Access Denied');
- } elseif($authsession['strikes']%3==0) { //Log every other third failed login attempt as a warning.
- $alert='Login: '.$username.': '.$password."\n".'IP: '.$_SERVER['REMOTE_ADDR'].
+ } elseif($authsession['strikes']%3==0) { //Log every third failed login attempt as a warning.
+ $alert='Username: '.$username."\n".'IP: '.$_SERVER['REMOTE_ADDR'].
 "\n".'TIME: '.date('M j, Y, g:i a T')."\n\n".'Attempts #'.$authsession['strikes'];
 $ost->logWarning('Failed login attempt (user)', $alert);
 }
-- GitLab
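Review bot: `$username` is still concatenated raw into `$alert` in both branches (`'Username: '.$username."\n".`), and because the alert's fields are separated only by newlines, a username value containing line breaks (presumably it comes straight from the login form) can forge extra `IP:` or `Attempts` lines in the log entry and the alert email. Strip control characters and cap the length before building the message, e.g. `$logUser = substr(preg_replace('/[\x00-\x1F\x7F]/', '', (string) $username), 0, 128);` (the 128 cap is an illustrative value), and use `$logUser` in both strings; if the log viewer renders entries as HTML, which is not visible here, it also has to escape on output. Log entries and alert emails written before this change still hold clear-text passwords, so purging them and resetting the affected accounts deserves a follow-up. The enclosing method starts and ends outside the hunk.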