ID: 13721
Title: Stop returning password hashes over WebAPI
Component: Setup
Level: 1
Class: Security fix
Version: 2.1.0i1
Previous to this Werk the <i>WebAPI</i> returned the password hashes and
SessionIds when calling the <i>get_all_users</i> action. If the user was a
automation user the password was returned in clear-text.
This data should not be returned ever. If you forgot a password you have to
reset it.