Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Notifications API for Registrations Sends Password in Plain Text #954

Closed
patdumond opened this issue Jun 1, 2016 · 2 comments
Closed

Notifications API for Registrations Sends Password in Plain Text #954

patdumond opened this issue Jun 1, 2016 · 2 comments
Assignees
Labels
Milestone

Comments

@patdumond
Copy link

@patdumond patdumond commented Jun 1, 2016

Currently, the Notifications API for Registrations sends the password field in its data. This is a security problem and the password should never be sent in an Admin notification anyway. Suggest the password field be removed from this Notification.

@jaswrks jaswrks added the security label Jun 7, 2016
@jaswrks jaswrks added this to the Next Release milestone Jun 7, 2016
@raamdev raamdev modified the milestones: Next Release, Future Release Oct 12, 2016
@raamdev raamdev modified the milestones: Future Future Milestone, Future Release Nov 21, 2016
@jaswrks jaswrks self-assigned this Apr 17, 2017
jaswrks pushed a commit that referenced this issue Apr 18, 2017
jaswrks
jaswrks pushed a commit that referenced this issue Apr 18, 2017
…ves the `%%user_pass%%` Replacement Code from the API Registration Notification email that is sent to a site owner; i.e., when/if it is configured by a site owner. Props @patdumond see [Issue #954](#954). This Replacement Code was removed as a security precaution.
@jaswrks
Copy link
Contributor

@jaswrks jaswrks commented Apr 18, 2017

Coming soon .. Next Release

  • (s2Member/s2Member Pro) Security Enhancement: This release removes the %%user_pass%% Replacement Code from the API Registration Notification email that is sent to a site owner; i.e., when/if it is configured by a site owner. Props @patdumond see Issue #954. This Replacement Code was removed as a security precaution.
@raamdev
Copy link
Contributor

@raamdev raamdev commented May 24, 2017

s2Member v170524 has been released and includes changes from this GitHub Issue. See the v170524 announcement for further details.


This issue will now be locked to further updates. If you have something to add related to this GitHub Issue, please open a new GitHub Issue and reference this one (#954).

@raamdev raamdev closed this May 24, 2017
@wpsharks wpsharks locked and limited conversation to collaborators May 24, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants