password sent on adding admin in the console

SEGUC17 / Foobar

1 stars 0 forks source link

password sent on adding admin in the console #47

Open minaamir26 opened 7 years ago

minaamir26 commented 7 years ago

A. Severity: ( high)

B. Reported: by Mina

C. Description: On adding an admin with an email (or even with any text) the password is sent in the console while I should only get it from the email sen to me

login as an admin
add admin with a text not an email
press add admin
see the console, you find all the data of this admin (including the password ! )

D. Expected result: The password should not be sent in the console, I should only get it from the email sent to me

markarsanious commented 7 years ago

It will only appear to the admin who added him so that's okay

minaamir26 commented 7 years ago

As an admin, I should not know the passwords of users or any other admins

markarsanious commented 7 years ago

as an admin, you won't get access to any profile of a user or a SP don't worry

minaamir26 commented 7 years ago

But with this info , email and password (that I got in the console) I can login with these info