Smtp creds are visible to end user - Security Risk
ckieler-cb opened this issue · 0 comments
ckieler-cb commented
Hello,
If we set LockSettings = true
The window for the settings shows and if the user has provided smtp credentials (under message relay tab) they can open dev tools and remove the type="password" to expose the smtp password.
In previous versions of this tool, the ability to open the window was disabled altogether via LockSettings = true.
Could the frontend be updated to not include the actual values when LockSettings = true ?