Security vulnerabilities and automated fixes for password masking issues
A medium-severity vulnerability in `tools/cli/aroma.py` allowed keystore passwords entered via the `get_input()` function to be displayed in plaintext on the terminal, stored unmasked in memory, and potentially recorded in shell history files. The fix introduces Python's `getpass` module and a new `secret` parameter to `get_input()`, ensuring sensitive credential input is properly masked during entry. This change directly protects users of the CLI tool from credential exposure during routine key