anexia / drf-multitokenauth

An extension to Django-Rest-Framework's Token Authentication, enabling a user to have multiple authorization tokens
BSD 3-Clause "New" or "Revised" License

Information leakage in admin panel #2

Closed anx-ckreuzberger closed 6 years ago

anx-ckreuzberger commented 6 years ago

Same as with Issue 6131 on django-rest-framework (regarding Token Authentication), this package uses the auth token as the primary key.

An administrator clicking on a token within the admin panel will leak that token into one or many logfiles. E.g.:

anx-ckreuzberger commented 6 years ago

Fixed with commit 7e11ed606271eff0693a9280f8a30349c7e90b27 and release 1.3.1
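A log-side check for the leak described in this issue, as an added example that is not part of the original thread or the project's code: it finds token keys that appear as the primary key in admin URLs and redacts them. It assumes 40-hex-character keys (as in DRF's default Token model) and Django's admin URL layout; the app and model labels, host, keys and log lines are constructed.

```python
import re

# Assumptions: keys are 40 hex characters (as in DRF's default Token model)
# and admin object pages live under /admin/<app_label>/<model_name>/<pk>/.
ADMIN_KEY_URL = re.compile(
    r'(?P<prefix>/admin/[a-z0-9_]+/[a-z0-9_]+/)'
    r'(?P<key>[0-9a-fA-F]{40})(?=[/?\s"]|$)'
)

def find_leaked_keys(log_lines):
    """Return every token key that appears as a primary key in an admin URL."""
    return {
        m.group("key").lower()
        for line in log_lines
        for m in ADMIN_KEY_URL.finditer(line)
    }

def redact(line):
    """Mask the key but keep its first 4 characters for correlation."""
    return ADMIN_KEY_URL.sub(
        lambda m: m.group("prefix") + m.group("key")[:4] + "[REDACTED]", line
    )

# Constructed sample data: keys, host, app/model labels and log lines are made up.
KEY_A = "9f" * 20
KEY_B = "0a1b2c3d4e" * 4
ADMIN = "/admin/drf_multitokenauth/multitoken/"
SAMPLE_LOG = [
    # Key in the request line of the admin change view.
    f'203.0.113.7 - - [01/Jan/2019:10:00:00 +0000] "GET {ADMIN}{KEY_A}/change/ '
    'HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    # Key in the Referer field of a follow-up request.
    '203.0.113.7 - - [01/Jan/2019:10:00:01 +0000] "GET /static/admin/css/base.css '
    f'HTTP/1.1" 200 1024 "https://example.test{ADMIN}{KEY_B}/change/" "Mozilla/5.0"',
    # Numeric primary key: nothing secret in the URL.
    f'203.0.113.7 - - [01/Jan/2019:10:05:00 +0000] "GET {ADMIN}17/change/ '
    'HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for key in sorted(find_leaked_keys(SAMPLE_LOG)):
        print("rotate token starting with", key[:4])
    for line in SAMPLE_LOG:
        print(redact(line))
```

Any key this reports has been written to a log in clear text and should be treated as exposed and rotated.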