Private key is shown in Error message on invalid pass phrase
MHC03 opened this issue
MHC03 commented
CryptKey.php allows the private key to either be a file or its contents directly. When I pass in the contents and give it the wrong pass phrase, the private key is shown through the LogicException message. This might be a security issue.
oauth2-server/src/CryptKey.php
Line 67 in 8ab731e
Andrew Millington commented
Thanks for this. Great spot. Fixed in PR #1353. Cheers for reporting.
MHC03 commented
Thank you very much for this quick fix and release!
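The failure mode reported in this issue, next to a loader whose error message never echoes its input, as an added PHP 8 example; it is not the oauth2-server source or the change made in PR #1353. `resolveKeyMaterial`, `loadKeyLeaky` and `loadKeySafe` are hypothetical names, and the key is a throwaway generated inline.

```php
<?php
// Added illustration with hypothetical helpers; not the oauth2-server code.

// Accepts either PEM contents directly or a path to a readable key file.
function resolveKeyMaterial(string $keyOrPath): ?string
{
    if (str_starts_with($keyOrPath, '-----BEGIN')) {
        return $keyOrPath;
    }
    return is_readable($keyOrPath) ? file_get_contents($keyOrPath) : null;
}

// Leaky form: the rejected argument is interpolated into the exception message.
function loadKeyLeaky(string $keyOrPath, string $passPhrase): OpenSSLAsymmetricKey
{
    $pem = resolveKeyMaterial($keyOrPath);
    $key = $pem === null ? false : openssl_pkey_get_private($pem, $passPhrase);
    if ($key === false) {
        throw new LogicException(sprintf('Invalid key "%s"', $keyOrPath));
    }
    return $key;
}

// Hardened form: a fixed message, so key contents never reach logs or error pages.
function loadKeySafe(string $keyOrPath, string $passPhrase): OpenSSLAsymmetricKey
{
    $pem = resolveKeyMaterial($keyOrPath);
    $key = $pem === null ? false : openssl_pkey_get_private($pem, $passPhrase);
    if ($key === false) {
        throw new LogicException('Invalid key or pass phrase supplied');
    }
    return $key;
}

// Constructed sample input: a throwaway RSA key encrypted with a known pass phrase.
$res = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($res, $pem, 'correct-pass');

foreach (['loadKeyLeaky', 'loadKeySafe'] as $loader) {
    try {
        $loader($pem, 'wrong-pass');
    } catch (LogicException $e) {
        $leaks = str_contains($e->getMessage(), 'PRIVATE KEY');
        printf("%s: message %s key material\n", $loader, $leaks ? 'CONTAINS' : 'does not contain');
    }
}
```

A regression test for this class of bug can assert the same thing the loop checks: that the exception message for a wrong pass phrase does not contain the PEM marker.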