XWiki Platform / XWIKI-16138

Email addresses are shown in clear in REST results

Details

    • Unit
    • Medium
    • Hard
    • N/A
    • N/A
    • Pull Request accepted

    Description

      We need to check the obfuscation parameter and obfuscate the email if on.

      Reproduction steps:

      Expected:

      • The mail is obfuscated

      Actual:

      • The mail is displayed un-obfuscated

      Actually, what's really bad is that the same is true for passwords that are returned (hashed) to the end user, making them very easily breakable offline (e.g., rainbow tables and such).

            People

              mleduc Manuel Leduc
              vmassol Vincent Massol