Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 961866
When handling passwords in forms like http(s)://youripaserver.com/ipa/ui/reset_password.html, we should specifically use POST method instead of GET to avoid having user passwords logged in apache's `access` log.
The problem exists only in the case of misconfiguration.
Metadata Update from @mkosek: - Issue assigned to someone - Issue set to the milestone: Ticket Backlog
reset_password.html uses POST for at least four years now.
reset_password.html
Metadata Update from @cheimes: - Issue close_status updated to: fixed
Login to comment on this ticket.