Medium Pretorian reported an issue that password is returning is server response is potential threat to system.
The user’s password is returned in the response from the server when an administrator creates an account for a new employee
By sending a user password as a response during account registration, WORKTERRA increases the possibility of the password being sniffed on the wire, or compromised via local workstation access.
When registering a new employee, the employee's default password was displayed to the registrar.
Ideally we should not display password to administrator.
We need to find out all possible locations in System where we are sending password to client side.
Possible solution for this is to remove add employee popup which displays credentials.
Configuration flag should decide whether we need to display newly added employee password in alert or not.
