Remove the login user name from system emails you send

  1. eitanc


    In at least version 5.4.2:

    When one changes an admin email address, you send an email with a subject line of "New Admin Email Address".

    The issue is that this email's body begins with "Howdy <username>", where <username> is the actual login admin user name (not the friendly display name).
    I didn't see this in other system emails you send.

    I think it is a bad security practice, as one can use a unique login username to make it hard for attackers – and you simply send it by email, and email is not the most secure channel.

    So, please consider removing this value from this email (and any other emails you send with this value, if you have such).


    Posted: 1 month ago


  • Rating

    1 Vote
  • Status

    This idea is under consideration