There is unauthorized access to the API, resulting in the disclosure of sensitive information #7

Open
topdayplus opened this issue Apr 30, 2023 · 1 comment

Comments

@topdayplus

This API does not require login, obtains user information through user_id, and returns the user name, password, and email address in plain text.


It is like the preview address provided by the project, macwk.cc, and the backend service address is macwk.cc/api through the request body. So we can get any user information, including the administrator.


@Thecosy
Owner

Thecosy commented May 1, 2023

Sorry, this interface is the interface for the foreground to obtain other user information. It is open. I will authenticate it in the next version and hide key information. Thank you for your support.
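
The two fixes discussed in this thread (require a login, and stop returning sensitive fields) can be sketched as below. This is an added example, not code from the issue or from the project; `Session`, `get_user_view`, the field lists and the sample records are hypothetical names and constructed data.

```python
# Added illustration; every name here is hypothetical, not the project's API.
from dataclasses import dataclass
from typing import Optional

PUBLIC_FIELDS = ("user_id", "username")   # what any logged-in caller may see
SELF_FIELDS = PUBLIC_FIELDS + ("email",)  # only the account owner or an admin


@dataclass(frozen=True)
class Session:
    user_id: int
    is_admin: bool = False


class Unauthorized(Exception):
    """Raised when the request carries no valid session."""


# Constructed sample store; the password column must never be serialized.
USERS = {
    1: {"user_id": 1, "username": "admin", "email": "admin@example.test",
        "password": "<constructed-secret>"},
    2: {"user_id": 2, "username": "alice", "email": "alice@example.test",
        "password": "<constructed-secret>"},
}


def get_user_view(session: Optional[Session], user_id: int) -> Optional[dict]:
    """Return a field-limited view of a user, or None if the id is unknown."""
    if session is None:
        raise Unauthorized("login required")
    record = USERS.get(user_id)
    if record is None:
        return None
    is_owner = session.is_admin or session.user_id == user_id
    allowed = SELF_FIELDS if is_owner else PUBLIC_FIELDS
    # Build the response from an allow-list, so a column added to the
    # user table later is not exposed by default.
    return {key: record[key] for key in allowed}
```

Building the response from an allow-list rather than deleting fields from the stored record means the password never reaches the serializer, whoever the caller is.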
