Skip to content

/ s2member

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Notifications API for Registrations Sends Password in Plain Text #954

Closed
patdumond opened this issue Jun 1, 2016 · 2 comments
Closed

Notifications API for Registrations Sends Password in Plain Text #954

patdumond opened this issue Jun 1, 2016 · 2 comments
Assignees
@jaswrks
Labels
security
Milestone
v170524

Comments

@patdumond
Copy link

@patdumond patdumond commented Jun 1, 2016

Currently, the Notifications API for Registrations sends the password field in its data. This is a security problem and the password should never be sent in an Admin notification anyway. Suggest the password field be removed from this Notification.
@jaswrks jaswrks added the security label Jun 7, 2016
@jaswrks jaswrks added this to the Next Release milestone Jun 7, 2016
@raamdev raamdev modified the milestones: Next Release, Future Release Oct 12, 2016
@raamdev raamdev modified the milestones: Future Future Milestone, Future Release Nov 21, 2016
@jaswrks jaswrks self-assigned this Apr 17, 2017
jaswrks pushed a commit that referenced this issue Apr 18, 2017
jaswrks
Preparing pull request. See: #954
Unverified
No user is associated with the committer email.
Learn about signing commits
f4ab185
@jaswrks jaswrks mentioned this issue Apr 18, 2017
Merged
jaswrks pushed a commit that referenced this issue Apr 18, 2017
jaswrks
- (s2Member/s2Member Pro) **Security Enhancement:** This release remo…
Unverified
No user is associated with the committer email.
Learn about signing commits
3bc99fc 
…ves the `%%user_pass%%` Replacement Code from the API Registration Notification email that is sent to a site owner; i.e., when/if it is configured by a site owner. Props @patdumond see [Issue #954](#954). This Replacement Code was removed as a security precaution.
@jaswrks
Copy link
Contributor

@jaswrks jaswrks commented Apr 18, 2017

Coming soon .. Next Release

  • (s2Member/s2Member Pro) Security Enhancement: This release removes the %%user_pass%% Replacement Code from the API Registration Notification email that is sent to a site owner; i.e., when/if it is configured by a site owner. Props @patdumond see Issue #954. This Replacement Code was removed as a security precaution.
@raamdev raamdev mentioned this issue Apr 25, 2017
Closed
@raamdev
Copy link
Contributor

@raamdev raamdev commented May 24, 2017

s2Member v170524 has been released and includes changes from this GitHub Issue. See the v170524 announcement for further details.

This issue will now be locked to further updates. If you have something to add related to this GitHub Issue, please open a new GitHub Issue and reference this one (#954).
@raamdev raamdev closed this May 24, 2017
@wpsharks wpsharks locked and limited conversation to collaborators May 24, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@jaswrks jaswrks

Labels
security
Projects
None yet
Milestone
v170524
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
@raamdev @jaswrks @patdumond