El correo electrónico del usuario no está oculto en el área de Single Sign On de la página de administración.

Karl_Romanowski · 12 Agosto, 2020 17:58

When viewing a User on the admin/users page the Primary Email and Secondary Email fields are hidden, and require permissions to view:

But the same email is shown unprotected when using SSO further down the page:

Expected: SSO Email is protected like the Primary and Secondary emails.

Actual: SSO Email is not protected, and visible to moderators even when site settings forbid showing emails to moderators.

One more comment, I mentioned email but really even the External ID can be sensitive info too.

simon · 12 Agosto, 2020 23:52

I’m not sure if this qualifies as a bug, but it’s definitely an issue that needs to be addressed.

techAPJ · 10 Noviembre, 2020 19:13

Fixed via:

techAPJ · 17 Febrero, 2021 16:45

@anon60302432 brought into our notice that SSO payload includes email as well so we’ve hidden the payload behind a button click as well, via:

Tema		Respuestas	Vistas
Moderators should not see emails in SSO section UX	12	1675	12 Noviembre 2020
SSO payload can be seen be moderators again? Support	9	1075	15 Febrero 2021
Can no longer view users emails as a moderator Support	6	1173	28 Julio 2018
Email security/obscurity for moderators is inconsistent Bug	15	2992	29 Septiembre 2015
Moderators ability to see emails inconsistent Bug	3	1312	13 Marzo 2016