
Security vulnerability. #8523


ahmedelkady created
  • ABP Framework version: v9
  • UI Type: Angular / MVC / Blazor WASM / Blazor Server
  • Database System: EF Core (SQL Server)
  • Tiered Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:
  • Steps to reproduce the issue: When calling api/abp/application-configuration?includeLocalizationResources=false, it shows sensitive settings such as "Abp.Identity.OAuthLogin.ClientSecret":"our-outh-secret", which is a very high vulnerability. Can you please guide us on how to solve this and why this is happening? Also, there is too much information which shouldn't be exposed that easily. Even the secret is stored as plain text in AbpSettings!

1 Answer(s)
  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    We will fix it immediately. Your ticket was refunded.

    You can use this temporary solution:

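    using Volo.Abp.Settings; // SettingDefinitionProvider, ISettingDefinitionContext
    // Also import the Identity Pro namespace that declares IdentityProSettingNames.

    public class TestAppSettingDefinitionProvider : SettingDefinitionProvider
    {
        public override void Define(ISettingDefinitionContext context)
        {
            // Look up the existing definition; GetOrNull returns null if it is not registered.
            var secret = context.GetOrNull(IdentityProSettingNames.OAuthLogin.ClientSecret);
            if (secret != null)
            {
                // Keep the value out of the application-configuration response.
                secret.IsVisibleToClients = false;
            }
        }
    }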
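
A check for confirming that the workaround took effect, added here as an example (it is not code from this thread or from the ABP team): it scans a saved `api/abp/application-configuration` response for client-visible settings whose names look like credentials. It assumes the settings sit under `setting.values` in the JSON; the sample response, the `MyApp.*` name and the name pattern are constructed.

```python
import json
import re

# Name fragments that usually mark a credential (assumed list; extend for your app).
SENSITIVE = re.compile(r"secret|password|passwd|api[_-]?key|token|connectionstring", re.I)

# Constructed sample shaped like an application-configuration response.
# Assumption: settings sent to clients sit under "setting" -> "values".
SAMPLE_RESPONSE = json.dumps({
    "setting": {"values": {
        "Abp.Localization.DefaultLanguage": "en",
        "Abp.Identity.OAuthLogin.ClientSecret": "constructed-secret-value",
        "MyApp.Constructed.SmtpPassword": None,
    }},
})


def find_exposed_settings(response_text):
    """Return sorted (name, has_value) pairs for client-visible settings
    whose names look like credentials."""
    doc = json.loads(response_text)
    values = (doc.get("setting") or {}).get("values") or {}
    findings = []
    for name, value in values.items():
        if SENSITIVE.search(name):
            # Record only whether a value is present; never echo the secret itself.
            findings.append((name, value not in (None, "")))
    return sorted(findings)


def audit(response_text):
    """Print findings and return 1 if any credential value is exposed, else 0."""
    findings = find_exposed_settings(response_text)
    for name, has_value in findings:
        state = "VALUE EXPOSED" if has_value else "name visible, value empty"
        print(f"[!] {name}: {state}")
    return 1 if any(has_value for _, has_value in findings) else 0


if __name__ == "__main__":
    print("audit result:", audit(SAMPLE_RESPONSE))
```

Run it against the response captured before and after deploying the provider; a result of 0 means no credential-like setting is returned with a value.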
    
Made with ❤️ on ABP v9.2.0-preview. Updated on March 20, 2025, 18:00