jasonwryan

Bug with get_folders

Recommended Posts

According to the documentation for get_folders:

if a secret is specified, will return info about the folder with this secret

However, specifying a secret just return the same (full) folder list, not just the details of the folder corresponding to the secret.

Of more concern is the fact that, without the password option enabled in your .conf, this query returns all of your secrets without requiring any authentication. This strikes me as a potential vulnerability. Surely a secret should be provided before this sort of sensitive information is returned?

Share this post


Link to post
Share on other sites

I can not confirm, I've been using this method and when supplying a secret it only returns a singular result.

 

I just test now to make sure I wasn't remembering wrong, and it absolutely worked perfectly.

 

And if I don't supply my password I get no results at all.... so I think something weird is happening on your end.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.