[BUG] email validation links or password reset, risk leaking information #49

Open
pandurangpatil opened this issue Sep 1, 2022 · 0 comments
Labels
bug Something isn't working dashboard The issue is related to Privado Cloud Dashboard

Comments

@pandurangpatil
Member

Describe the bug
Email validation links or password reset links risk leaking information (ex: https://email.auth.privado.ai/prod/redirect?code=&username=&clientId=&region=eu-west-1&email=&isCLI=true&website=). I’m certain all that GET data could be POSTed, encrypted, tokenized, or otherwise set up to prevent data leakage.
What’s up with the no-reply@verificationemail.com sender for account registration and password resets? It makes it hard to find, but is also likely to make people wonder who Privado is sharing user data with.

@pandurangpatil pandurangpatil added the bug Something isn't working label Sep 1, 2022
@ojaswa1942 ojaswa1942 added the dashboard The issue is related to Privado Cloud Dashboard label Sep 12, 2022
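
An added example, not part of the original issue and not Privado's code: one way to tokenize the link as the report suggests, keeping the fields server-side so the URL carries only a single-use opaque token. The host, the `t` parameter name, the 15-minute lifetime, the in-memory store and the sample values are assumptions.

```python
import hashlib
import secrets
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

BASE_URL = "https://auth.example.invalid/redirect"  # placeholder host (assumption)
TTL_SECONDS = 15 * 60                               # assumed link lifetime


def _digest(token: str) -> str:
    # Store only a hash so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_link(store: dict, claims: dict, now: Optional[float] = None) -> str:
    """Keep the claims server-side; the URL carries one opaque token."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    store[_digest(token)] = {"claims": dict(claims), "expires": now + TTL_SECONDS}
    return f"{BASE_URL}?{urlencode({'t': token})}"


def redeem(store: dict, url: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims once; None for unknown, expired or reused tokens."""
    now = time.time() if now is None else now
    values = parse_qs(urlsplit(url).query).get("t", [])
    if len(values) != 1:
        return None
    record = store.pop(_digest(values[0]), None)  # pop makes the token single-use
    if record is None or now > record["expires"]:
        return None
    return record["claims"]


# Constructed sample values, mirroring the parameter names in the reported link.
SAMPLE_CLAIMS = {
    "username": "alice", "email": "alice@example.invalid",
    "clientId": "client-123", "region": "eu-west-1", "isCLI": "true",
}

if __name__ == "__main__":
    db = {}
    link = issue_link(db, SAMPLE_CLAIMS)
    print(link)              # the query string holds only the opaque token
    print(redeem(db, link))  # claims are returned on first use
    print(redeem(db, link))  # second use of the same link is rejected
```

With this shape, browser history, proxy logs and Referer headers see only a random value that stops working after one use or after expiry.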
2 participants