When injecting a password as an environment variable I expect it to be masked in the Jenkins output console. This works as expected, but the password string is masked for every single match in the console output, even when it is not meant to be a password.
I found this by accident as I was experimenting. You shouldn't run into this all that often, but I thought I should point it out.
By looking at the screenshots attached I'm pretty sure you can all guess what my password was set to.