Under certain circumstances the web interface users credentials may be recovered by an authenticated user.