When looking at our users page today, I saw a little Array [2] helper at the bottom, exactly like you see in the history for a processed email. This contained the information about the users who hadn’t yet accepted their confirmation emails. Wasn’t sure if it was expected to be there, especially since it contained security information like the auth code Maybe for internal troubleshooting for you, versus us? Just wanted to make sure you knew in case something which was supposed to be hiding it, wasn’t. If it’s intended, then it’s all good!
Hi @DBachen
Thanks for reporting this.
The information displayed is debug information and should not be displayed, but does not contain any security breach. The code field is populated with the user’s ID in our SSO system, and is not the same code the user receives to verify their email address.
We’ll remove that array debug output during our next release.
In the future, please report any security concerns directly to us at [email protected].
Thanks!
1 Like