Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Manager creates api credentials without expiration, allowed ip addresses and rights #12946

Open
2 tasks done
notz opened this issue Sep 4, 2024 · 0 comments
Open
2 tasks done

Manager creates api credentials without expiration, allowed ip addresses and rights #12946

notz opened this issue Sep 4, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@notz
Copy link

notz commented Sep 4, 2024

Have you already contacted our help centre?

  • Yes, I have contacted the help centre.

Is there an existing issue for this?

  • I have checked the existing issues

Describe the bug

The manager seems to create a new credential (perhaps on every login) without any restrictions and expiration.

We have now 154 valid credentials without expiration or allowed ips and all paths allowed. I think it's a security risk.

Steps To Reproduce

  1. Open api console https://eu.api.ovh.com/console/?section=%2Fme&branch=v1#get-/me/api/credential
  2. And check the credentials

Expected Behavior

Credentials should be created with expiration and with allowed ips set.

What browsers are you using?

Chrome

Which devices are used?

Desktop

Additional information to add?

No response
@notz notz added the bug Something isn't working label Sep 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@notz