/api/users/me response contains LDAP password
Closed, WontfixPublic


The password is encoded, but still it should not be there, I think. I didn't check /api/users response, but would be good to make sure it does not contain passwords too.


Ticket Type

Event Timeline

machniak created this task.Dec 4 2015, 11:58 AM
machniak updated the task description. (Show Details)
machniak raised the priority of this task from to 60.
machniak assigned this task to Adityab.
machniak added a project: Manticore.
machniak changed Ticket Type from Task to Task.
machniak added a subscriber: machniak.

Good catch. On it (once I get the session closed event working).

vanmeeuwen closed this task as Wontfix.Mar 22 2019, 11:55 AM
vanmeeuwen added a subscriber: vanmeeuwen.

This ticket is no longer relevant.