We’ve just released SiteDash Client v1.2.1. This release includes a security fix and it’s recommended to update as soon as possible. You can quickly update the client on your sites through the dashboard.
In certain cases when remotely creating the database backup would fail, the full command including the mysql password would be returned from the client and shown in the dashboard. The database password is obviously privileged information that we don’t ever want to have inside SiteDash, or transferred over the internet at all.
Over the next few days we’ll take a closer look to assess when this issue was introduced (at first glance, it seems limited to client v1.2.0 released yesterday, but we want to make sure) and to make sure all traces have been removed from our system. We’ll reach out to affected users individually as well to recommend changing the mysql password as an additional precaution.