Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-5391

REST API - Access to list of all user with non admin rights

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Blocker
    • Resolution: Fixed
    • 1.10.3
    • 1.12.6, 1.13.1
    • REST
    • Security Level: Default (Default Security Scheme)
    • None
    • NMS Sprint 1

    Description

      If you use the REST API with a user, that has no admin permissions on OpenNMS (admin role), and do a GET on http://<OpenNMS-Host>:8980/opennms/rest/users, you get a list with all users with their MD5 password hash. I'm not sure, but I think, it is better, if only users with admin permissions can get this information.

      Attachments

        Activity

          People

            ranger Benjamin Reed
            michael_nt Michael Batz
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: