Credentials exposed on /teams endpoint #1632

Open
mcalr3 opened this issue Jun 20, 2024 · 0 comments
Labels
bug Something isn't working

mcalr3 commented Jun 20, 2024

Similar to a bug we reported on the /settings endpoint, there are also credentials exposed on the /teams endpoint.

Both team-admin and team-* users can access this and can gain access to the otomi-admin password.

You can see the endpoint by using F12 developer tools and using the Network tab to see the response from this endpoint.

Using Otomi v2.11.0

mcalr3 added the bug label Jun 20, 2024
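A regression check that could be run against a team-role response from /teams to confirm that no credential fields are returned, given here as an added example that is not part of the original issue or the Otomi code base. The issue does not show the response schema, so the key-name pattern, the function names and the sample body are assumptions constructed for illustration.

```javascript
// Added example. Key names and the sample body are constructed; they are
// not Otomi's actual /teams schema.
const SENSITIVE_KEY = /password|passwd|secret|token|api[-_]?key|private[-_]?key|credential/i;

// True when a value actually carries data (not null, empty string or {}).
function isPopulated(v) {
  if (v === null || v === undefined || v === '') return false;
  if (typeof v === 'object') return Object.keys(v).length > 0;
  return true;
}

// Walk a parsed JSON body and return the JSON path of every populated value
// stored under a key whose name looks like a credential.
function findCredentialFields(value, path = '$', found = []) {
  if (Array.isArray(value)) {
    value.forEach((item, i) => findCredentialFields(item, `${path}[${i}]`, found));
  } else if (value !== null && typeof value === 'object') {
    for (const [key, child] of Object.entries(value)) {
      const childPath = `${path}.${key}`;
      if (SENSITIVE_KEY.test(key) && isPopulated(child)) {
        found.push(childPath); // record the path only, never the value
      } else {
        findCredentialFields(child, childPath, found);
      }
    }
  }
  return found;
}

// Constructed stand-in for the body a team-scoped session receives.
const sampleTeamsBody = [
  { id: 'demo', name: 'demo', password: 'constructed-value', alerts: { slackToken: '' } },
  { id: 'ops', name: 'ops', oidc: { clientSecret: 'constructed-value', groupMapping: 'ops' } },
];

// A non-empty result means the response exposes credential material to the
// role that fetched it and the check should fail the build.
console.log(findCredentialFields(sampleTeamsBody));
```

Run it in CI with the body fetched under a team-scoped session and fail the job on any reported path; key-name matching only catches fields with recognisable names, so it complements rather than replaces an allow-list of fields returned per role.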