Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-5391

REST API - Access to list of all user with non admin rights

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 1.10.3
    • Fix Version/s: 1.12.6, 1.13.1
    • Component/s: REST
    • Security Level: Default (Default Security Scheme)
    • Labels:
      None
    • Sprint:
      NMS Sprint 1

      Description

      If you use the REST API with a user, that has no admin permissions on OpenNMS (admin role), and do a GET on http://<OpenNMS-Host>:8980/opennms/rest/users, you get a list with all users with their MD5 password hash. I'm not sure, but I think, it is better, if only users with admin permissions can get this information.

        Attachments

          Activity

            People

            • Assignee:
              ranger Benjamin Reed
              Reporter:
              michael_nt Michael Batz
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: