fix: Security Misconfiguration

Backend/src/api/events/admin-accounts.controller.ts

@@ -59,8 +59,7 @@ export class AdminAccountsController implements interfaces.Controller {
         if (!this.passWordHashingService.isPasswordHashed(passWord, result[0].passWord)) {
           if (backendConfiguration.debug) {
             return response.status(400).json({
-              error: `The password \"${passWord}\" with the hash
-              \"${passwordHash}\", does not match the hash \"${result[0].passWord}\" of the stored password!`
+              error: `The password is incorrect!`
             });
           } else {
             return response.status(400).json({

Backend/src/api/events/change-user-profile.controller.ts

@@ -60,9 +60,7 @@ export class ChangeUserProfileController implements interfaces.Controller {
 
       if (!this.passWordHashingService.isPasswordHashed(request.body.oldPassword, userAccounts[0].passWord)) {
         return response.status(400).json({
-          error: `The old password \"${request.body.oldPassword}\" 
-          with the hash \"${hashedPassword}\"
-           and the hash \"${userAccounts[0].passWord}\" of the password found in the database do not match!`
+          error: `The password is incorrect!`
         });
       }
 

Backend/src/api/events/user-accounts.controller.ts

@@ -59,8 +59,7 @@ export class UserAccountsController implements interfaces.Controller {
         if (!this.passWordHashingService.isPasswordHashed(passWord, result[0].passWord)) {
           if (backendConfiguration.debug) {
             return response.status(400).json({
-              error: `The password \"${passWord}\" with the hash
-              \"${passwordHash}\", does not match the hash \"${result[0].passWord}\" of the stored password!`
+              error: `The password is incorrect!`
             });
           } else {
             return response.status(400).json({