Security concern for the V5.11 Log feature in demo

hypoclonea year ago

Hello! I logged into one of the traccar demo server to check the new log features, I could see raw data from many devices coming in, this data exposes device ID which any registered user can see.

SwayDeva year ago

That is a good catch. Logged in and yeah I am able to see other devices logs.

I cant validate, however if Click on the ? icon and edit the devices name, it also edits the name (the console, when I checked API response of /devices) the device object now contains the name i edited it too.

Although I do not have this device in my account. (demo4, device id :10093) edited name to "ss" (Sorry, I was not sure it would actually change)

Anton Tananaeva year ago

Those are unregistered devices. That's expected.

hypoclonea year ago

Alright Anton. Thank you for all you do...you are greatly appreciated

Ashok Chandraa year ago

There is any possibility for stop receiving data from unregistered device?

Anton Tananaeva year ago