REST API : access to encrypted (or not) user passwords

I m into coding a one page application using the REST API, Auth being managed by token auth. I was quite surprised to discover that the user endpoint gives access to users passwords to any user using the API ! Could this user attribute be reserved to admin accounts just like in the web UI ?

0 votes

1 answers

771 views

ANSWER



Hi,

A fix for this is included in Nuxeo 6.0-HF31, you should apply the hotfix.

0 votes