Platform sharing your Username and Password with

Today I find bug in the Outsystems I would like to share.

When you building mobile application, Application Server send request to , which is Outsystems own MABS to create mobile app.

What is very strange there, that it will share your username and password. Here you are request headers.

Authorization: Basic UserNamePasswordINBase24Encodign==
User-Agent: OutSystemsPlatform
Content-Type: application/json; charset=UTF-8
Content-Length: 26570

A do not see any reason, why external service should receive in plain format user name and password from the developer who did this submission. 


Hi Denis,

Thanks for reporting this, I'll direct OS's attention to it.


We were not able to replicate that behaviour yet.
Can you open a support case so we can have our support team working on that with you?