Platform sharing your Username and Password with nativebuilder.api.outsystems.com

Today I found a bug in OutSystems that I would like to share.

When you are building a mobile application, the Application Server sends a request to https://nativebuilder.api.outsystems.com/v1, which is OutSystems' own MABS for creating mobile apps.

What is very strange there is that it will share your username and password. Here are the request headers.

POST https://nativebuilder.api.outsystems.com/v1/RequestBuild?RequesterId=XFR.IXA.XDA.XQT.XKB.XLM.X7I.XOU&Platform=iOS HTTP/1.1
Authorization: Basic UserNamePasswordINBase24Encodign==
User-Agent: OutSystemsPlatform
Content-Type: application/json; charset=UTF-8
Host: nativebuilder.api.outsystems.com
Content-Length: 26570


I do not see any reason why an external service should receive, in plain format, the username and password of the developer who made this submission.
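
An added example, not part of the original post: Basic authentication only base64-encodes user:password, so anyone who can read the Authorization header recovers both values. The check below audits a captured outbound request and flags Basic credentials sent to a host outside an allowlist; the sample request, its credential and the function names are constructed for illustration.

```python
import base64
import binascii

# Constructed sample: same shape as the request in the post, with a made-up
# credential (base64 of "dev.user:S3cret!") in place of the redacted one.
SAMPLE_REQUEST = (
    "POST https://nativebuilder.api.outsystems.com/v1/RequestBuild?Platform=iOS HTTP/1.1\r\n"
    "Authorization: Basic " + base64.b64encode(b"dev.user:S3cret!").decode() + "\r\n"
    "User-Agent: OutSystemsPlatform\r\n"
    "Host: nativebuilder.api.outsystems.com\r\n"
    "\r\n"
)

def parse_headers(raw_request):
    """Return a dict of lower-cased header names to values."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit_basic_auth(raw_request, allowed_hosts=()):
    """Flag a request carrying Basic credentials to a host not in allowed_hosts.

    Returns None when there is nothing to report, otherwise a finding dict.
    The password itself is never returned, only its length.
    """
    headers = parse_headers(raw_request)
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    host = headers.get("host", "").lower()
    if host in allowed_hosts:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return {"host": host, "decodable": False}
    user, _, password = decoded.partition(":")  # RFC 7617: split on first colon
    return {"host": host, "decodable": True, "user": user,
            "password_length": len(password)}

if __name__ == "__main__":
    print(audit_basic_auth(SAMPLE_REQUEST))
```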


Solution

Hi Denis,

Thanks for reporting this, I'll direct OS's attention to it.

Solution

We were not able to replicate that behaviour yet.
Can you open a support case so we can have our support team working on that with you?