[Bug] docker-compose.yml stores the password in clear text

[oe3gwu]

What version of WinBoat are you running?

0.9.0

Your Environment

Same as Issue #658

Steps to Reproduce / Context

Open ~/.winboat/docker-compose.yml with the editor.

I uploaded a docker-compose.yml but with a redacted password.

Logs

container.log

docker-compose.yml

install.log

winboat.log

Expected Behavior

at least a hashed or salted hashed password.

Current Behavior

It is written in there in clear text.

Possible Solution

No idea. please find a better solution. Clear Text passwords must not exist anymore. The attack vectors to services are massive - if some pw is used. And in a Network this possibility exists. Also there is no indication somewhere that this is saved.

Quality Notice

• I have checked the issue tracker and verified that this bug is a unique case.

[abrefael]

Thank you for pointing this "bug". I forgot my Windows password. 😅

[crystaltechuk]

Your password looks like its also in the log file.

seems related to #235

[Nimmy-is-silly]

yeah i'm struggling w the same issue too
mine is that winboat stores the password in a string, yet the login dosent work
i tried removing the "", changing it to '', or removing them entirely and keep it a plain text

nothing worked
even the autologin didn't work, as well as the recovery thing (recovery options didn't work)
"Reset password" asks me for a USB idk why