This repository has been archived by the owner on May 4, 2021. It is now read-only.
Admin Temporary Token has Full Access #32
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Currently, the admin token expires after one day, but has full admin rights. This token is not encrypted and is included in the url; this creates a security issue for 24 hrs after the token is created.
Proposed solution: limit the token's access to creating a password if one doesn't already exist.
The text was updated successfully, but these errors were encountered: