ECOM-1947: updated the middleware to exclude the password strings from event logging

common/djangoapps/track/middleware.py

@@ -63,7 +63,7 @@ class TrackMiddleware(object):
             # files when we change this.
 
             censored_strings = ['password', 'newpassword', 'new_password',
-                                'oldpassword', 'old_password']
+                                'oldpassword', 'old_password', 'new_password1', 'new_password2']
             post_dict = dict(request.POST)
             get_dict = dict(request.GET)
             for string in censored_strings: