[Privacy Issue] Copy IP in a:session with denied permission
Daechler opened this issue · 1 comments
Daechler commented
You can copy the IP of a user with a:session, although the permission to do so has been denied.
Recreate:
- deny the auxprotect.lookup.action.session.ip permission
- make a lookup (e.g. /ap lookup user:Daechler action:session)
- click on [REDACTED]
- you have successfully copied the IP
ks-hl commented
Good catch. Will fix soon