Page MenuHomePhorge

/api/users/me response contains LDAP password
Closed, WontfixPublic

Description

The password is encoded, but still it should not be there, I think. I didn't check /api/users response, but would be good to make sure it does not contain passwords too.

Details

Ticket Type
Task

Event Timeline

machniak assigned this task to Adityab.
machniak raised the priority of this task from to 60.
machniak updated the task description. (Show Details)
machniak added a project: Manticore.
machniak changed Ticket Type from Task to Task.
machniak subscribed.

Good catch. On it (once I get the session closed event working).

vanmeeuwen subscribed.

This ticket is no longer relevant.