Dataplane should not return the password for failed auth attempts

[AdamJCrawford]

For failed auth attempts there are two (AFAIK) places in which the password gets returned and thus potentially logged. First and second. Seems like bad security practice to return password attempts even if they are incorrect. Additionally, if no password is set in the dataplane config file, any attempted password (even a potentially correct one) could still be logged. This could inadvertently expose passwords that users might reuse elsewhere.

[smeroth]

Engineering is aware about that.
It should be fixed soon.
Thanks

[mjuraga]

This should be fixed in the coming 3.1 release. I don't want to change this in current releases as it might break some clients, although this is an obvious bug.