Freebox Server (Ultra V9/ Pop V8/ Delta V7 / Revolution V6 / Mini 4K)

  • Status Closed
  • Percent Complete 100%
  • Task Type Anomaly
  • Category Freebox OS → API
  • Assigned To No-one
  • Operating System All
  • Severity Critical
  • Priority Very Low
  • Reported Version 2.1.0
  • Due in Version Undecided
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Freebox Server (Ultra V9/ Pop V8/ Delta V7 / Revolution V6 / Mini 4K)
Opened by Djmomo - 05/03/2014
Last edited by nipo - 06/03/2014

FS#14410 - login/authorize returns plaintext code in the challenge

Calling api/v1/login/authorize/ with any {track_id} from a browser (rather than curl or wget) displays JavaScript source code in the challenge value.

{"success":true,"result":{"status":"unknown","challenge":["var _pwscuv = { _ppmi: '_wPdjak' }; _pwscuv._ppmi.charAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%32%2E%38%38%29%20%2B%20%30%20%2D%20%31')))","var _jrican = { _ggyidus: '_niwoc' }; _jrican._ggyidus.charAt(eval(unescape('%28%28%32%20%2A%20%34%32%20%2D%20%34%32%29%20%2F%20%32%31%29')))","var _ahdamxt = '_hfnbmyv';var _gpejdkt = new RegExp(_ahdamxt.charAt(eval(unescape('%32'))), 'g');String.fromCharCode(_ahdamxt.replace(_gpejdkt, '4').charCodeAt(eval(unescape('%32'))))","var _qkhkfn = '_arlp';var _ljcbkk = new RegExp(_qkhkfn.charAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%31%2E%37%31%29%20%2B%20%31%20%2D%20%31'))), 'g') [...] 5F%67%78%72%6B%76%68%2E%5F%6E%6D%6D%75%72%66%20%2B%20%33'))))","'c'"],"password_salt":"7wGp9AcEzRWYJaz4oI6hN8x6dg03MndU"}}
Closed by  nipo
06.03.2014 14:12
Reason for closing: Not applicable
Additional comments about closing:

This only happens from a browser in interactive mode (an XMLHttpRequest will get the expected response) and is not meant to be part of your authentication flow.
