New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Notifications API for Registrations Sends Password in Plain Text #954

Closed
patdumond opened this Issue Jun 1, 2016 · 2 comments

Comments

Projects
None yet
3 participants
@patdumond

patdumond commented Jun 1, 2016

Currently, the Notifications API for Registrations sends the password field in its data. This is a security problem and the password should never be sent in an Admin notification anyway. Suggest the password field be removed from this Notification.

@jaswrks jaswrks added the security label Jun 7, 2016

@jaswrks jaswrks added this to the Next Release milestone Jun 7, 2016

@raamdev raamdev modified the milestones: Next Release, Future Release Oct 12, 2016

@raamdev raamdev modified the milestones: Future Future Milestone, Future Release Nov 21, 2016

@jaswrks jaswrks self-assigned this Apr 17, 2017

jaswrks pushed a commit that referenced this issue Apr 18, 2017

jaswrks

jaswrks pushed a commit that referenced this issue Apr 18, 2017

jaswrks
- (s2Member/s2Member Pro) **Security Enhancement:** This release remo…
…ves the `%%user_pass%%` Replacement Code from the API Registration Notification email that is sent to a site owner; i.e., when/if it is configured by a site owner. Props @patdumond see [Issue #954](#954). This Replacement Code was removed as a security precaution.
@jaswrks

This comment has been minimized.

Member

jaswrks commented Apr 18, 2017

Coming soon .. Next Release

  • (s2Member/s2Member Pro) Security Enhancement: This release removes the %%user_pass%% Replacement Code from the API Registration Notification email that is sent to a site owner; i.e., when/if it is configured by a site owner. Props @patdumond see Issue #954. This Replacement Code was removed as a security precaution.
@raamdev

This comment has been minimized.

Contributor

raamdev commented May 24, 2017

s2Member v170524 has been released and includes changes from this GitHub Issue. See the v170524 announcement for further details.


This issue will now be locked to further updates. If you have something to add related to this GitHub Issue, please open a new GitHub Issue and reference this one (#954).

@raamdev raamdev closed this May 24, 2017

@websharks websharks locked and limited conversation to collaborators May 24, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.