Fixes #2880: Sanitize user password if an exception is raised during login

CHANGELOG.md

@@ -16,6 +16,7 @@ v2.5.6 (FUTURE)
 * [#2862](https://github.com/digitalocean/netbox/issues/2862) - Follow return URL when connecting a cable
 * [#2864](https://github.com/digitalocean/netbox/issues/2864) - Correct display of VRF name when no RD is assigned
 * [#2877](https://github.com/digitalocean/netbox/issues/2877) - Fixed device role label display on light background color
+* [#2880](https://github.com/digitalocean/netbox/issues/2880) - Sanitize user password if an exception is raised during login
 
 ---
 

netbox/users/views.py

@@ -7,6 +7,7 @@ from django.shortcuts import get_object_or_404, redirect, render
 from django.urls import reverse
 from django.utils.decorators import method_decorator
 from django.utils.http import is_safe_url
+from django.views.decorators.debug import sensitive_post_parameters
 from django.views.generic import View
 
 from secrets.forms import UserKeyForm
@@ -23,6 +24,10 @@ from .models import Token
 class LoginView(View):
     template_name = 'login.html'
 
+    @method_decorator(sensitive_post_parameters('password'))
+    def dispatch(self, *args, **kwargs):
+        return super().dispatch(*args, **kwargs)
+
     def get(self, request):
         form = LoginForm(request)