There’s something wrong with your new user on-boarding for the Forum.
I never added any text to the Machines section of my profile - I never actually set up my profile before I posted my first question. In response to my first post, @LightBurn included a snapshot of my profile and the “Machines” section contained my password.
I’ve changed the password since discovering this, but having never entered anything in the Machines field it’s curious that my password got there somehow even tho I had never visited any of the profile pages until this morning to get things updated. After setting up my profile and changing my password I checked the Machines field and it contains what I submitted as my actual machine info.
It looks like this occurs upon initial on-boarding when the user doesn’t deliberately set up their profile after signing up.
Steps to reproduce (likely):
- Onboard a new user, set the password and do not set any profile attributes
- Have the new user confirm/activate their login via email
- Logout the new user after activation confirmation
- Have an admin copy and/or view the new users (untouched) profile page
- The user’s password appears in the Machines field
I hope this helps… Feel free to reach out if you have additional questions.