https://connect.hyland.com/t5/nuxeo-forum/rest-api-access-to-encrypted-or-not-user-passwords/m-p/327306#M14307 <P>Hi,</P> <P>A fix for this is included in Nuxeo 6.0-HF31, you should apply the hotfix.</P> Tue, 20 Sep 2016 10:25:02 GMT Florent_Guillau 2016-09-20T10:25:02Z https://connect.hyland.com/t5/nuxeo-forum/rest-api-access-to-encrypted-or-not-user-passwords/m-p/327305#M14306 <P>I m into coding a one page application using the REST API, Auth being managed by token auth. I was quite surprised to discover that the user endpoint gives access to users passwords to any user using the API ! Could this user attribute be reserved to admin accounts just like in the web UI ?</P> Tue, 20 Sep 2016 10:18:37 GMT https://connect.hyland.com/t5/nuxeo-forum/rest-api-access-to-encrypted-or-not-user-passwords/m-p/327305#M14306 pibou_Bouvret 2016-09-20T10:18:37Z https://connect.hyland.com/t5/nuxeo-forum/rest-api-access-to-encrypted-or-not-user-passwords/m-p/327306#M14307 <P>Hi,</P> <P>A fix for this is included in Nuxeo 6.0-HF31, you should apply the hotfix.</P> Tue, 20 Sep 2016 10:25:02 GMT https://connect.hyland.com/t5/nuxeo-forum/rest-api-access-to-encrypted-or-not-user-passwords/m-p/327306#M14307 Florent_Guillau 2016-09-20T10:25:02Z