Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New AD user can see all passwords first login time #1071

Closed
thesNu opened this issue Oct 30, 2015 · 4 comments
Closed

New AD user can see all passwords first login time #1071

thesNu opened this issue Oct 30, 2015 · 4 comments

Comments

@thesNu
Copy link

thesNu commented Oct 30, 2015

  1. There are some passwords in some folders.
  2. As admin I deleted user 'test' (user in LDAP/AD) from TeamPass.
  3. Then, first time login 'test' user can see all folders with passwords.
  4. After logoff or reload page, everything is OK, user 'test' can see only personal folder.

TeamPass 2.1.23 (clean install)
To reproduce: Enable Personal folder feature must be On
@juanfalguera
Copy link

I've got the same issue here with version 2.1.23. This is a very serious security issue and we should alert everyone.

@thesNu
Copy link
Author

thesNu commented Jan 12, 2016

How to do this?

@nilsteampassnet
Copy link
Owner

Please look at #1153

@chetanpachare
Copy link

Finally, I have reached to the problem.
This problem can be solved by setting the option "Enable Personal folder feature= No " in team pass setting page.

Then try to login via LDAP users. You will not see any exiting folders.

Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nilsteampassnet @thesNu @juanfalguera @chetanpachare