[Original] The "change password forms" in Taskjitsu before 2.0.1 include password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor.
Taskjitsu Change Password Form Password Hash Disclosure
Taskjitsu contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user attempts to change a password, which discloses the encrypted password hash, resulting in a loss of confidentiality. This type of disclosure is typically more serious when it occurs on shared/public computers.
Upgrade to version 2.0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
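To confirm after upgrading that rendered forms no longer carry hash-like values in hidden fields, a check along these lines can be run over saved page source. This is an added example, not Taskjitsu code; the sample markup, field names and hash-shape heuristics are assumptions.

```python
import re
from html.parser import HTMLParser

# Heuristic value shapes for stored password hashes (assumed, not exhaustive).
HASH_PATTERNS = {
    "hex digest": re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$"),
    "modular crypt string": re.compile(r"^\$[0-9a-z]{1,8}\$[./A-Za-z0-9$=,+-]{20,}$"),
}
SUSPECT_NAME = re.compile(r"pass|pwd|hash", re.I)


class HiddenHashFinder(HTMLParser):
    """Collects hidden <input> fields whose value looks like a password hash."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "").lower() != "hidden":
            return
        value = a.get("value", "").strip()
        for label, pattern in HASH_PATTERNS.items():
            if pattern.match(value):
                # Anti-CSRF tokens can also be hex, so an unrelated field
                # name only earns "review" rather than "high".
                level = "high" if SUSPECT_NAME.search(a.get("name", "")) else "review"
                self.findings.append((a.get("name", ""), label, level))
                break


def find_hidden_hashes(html):
    finder = HiddenHashFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page, not Taskjitsu's real markup.
SAMPLE = """
<form method="post" action="/user/edit">
  <input type="text" name="username" value="alice">
  <input type="hidden" name="old_password" value="5f4dcc3b5aa765d61d8327deb882cf99">
  <input type="hidden" name="csrf" value="9b2e1c">
  <input type="password" name="new_password">
</form>
"""
```

An empty result from `find_hidden_hashes` on the change password pages is the expected outcome on a fixed version; "review" findings need a manual look because session or CSRF tokens share the same shape.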