The remote_address value returned by /api/v1/auth/authinfo and /_plugins/_security/authinfo exposes an IP address, which is a potential security risk. Is that value used for anything? Is there any way to hide it for users?
Hi @evamillan,
Isn't that a source IP address (a.k.a. user IP address) already known to the endpoint user?
Have you tried restricting the authinfo endpoint altogether?
best,
mj