Welcome screen leaks (slightly) security relevant information #7643
Description
Is there an existing issue for this?
- I have searched the existing issues
OS/Web Information
- Web Browser: all
- Local OS: all
- Remote OS: all
- Remote Architecture: all
code-server --version: : v4.108.1
Steps to Reproduce
- connect to URL
Expected
login mask
Actual
login mask with message:
Please log in below. Check the config file at /home/username/.config/code-server/config.yaml for the password.
This reveals at least the username at the system (and the location of the password) and is bad practice IMO.
Logs
Screenshot/Video
No response
Does this bug reproduce in native VS Code?
No, this works as expected in native VS Code
Does this bug reproduce in VS Code web?
No, this works as expected in VS Code web
Does this bug reproduce in GitHub Codespaces?
No, this works as expected in GitHub Codespaces
Are you accessing code-server over a secure context?
- I am using a secure context.
Notes
No response