Skip to content

Welcome screen leaks (slightly) security relevant information #7643

New issue
New issue
Open
Open
Welcome screen leaks (slightly) security relevant information#7643
Labels
bugSomething isn't workingtriageThis issue needs to be triaged by a maintainer
@perler

Description

@perler
perler
opened on Jan 23, 2026

Is there an existing issue for this?

  • I have searched the existing issues

OS/Web Information

  • Web Browser: all
  • Local OS: all
  • Remote OS: all
  • Remote Architecture: all
  • code-server --version: : v4.108.1

Steps to Reproduce

  1. connect to URL

Expected

login mask

Actual

login mask with message:

Please log in below. Check the config file at /home/username/.config/code-server/config.yaml for the password.

This reveals at least the username at the system (and the location of the password) and is bad practice IMO.

Logs



Screenshot/Video


No response


Does this bug reproduce in native VS Code?


No, this works as expected in native VS Code


Does this bug reproduce in VS Code web?


No, this works as expected in VS Code web


Does this bug reproduce in GitHub Codespaces?


No, this works as expected in GitHub Codespaces


Are you accessing code-server over a secure context?


    

  •  I am using a secure context.
    • 



Notes


No response
Metadata
Metadata
Assignees
No one assigned
    Labels
    bugSomething isn't workingtriageThis issue needs to be triaged by a maintainer
    Type
    No type
    Projects
    No projects
    Milestone
    No milestone
    Relationships
    None yet
    Development
    No branches or pull requests
    Issue actions