Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneImgnotfoundH1:965510
HistoryAug 24, 2020 - 12:36 a.m.

Shopify: Password protection can be removed for newly created development store

2020-08-2400:36:27
imgnotfound
hackerone.com
100
JSON

Details

Per https://help.shopify.com/en/partners/dashboard/managing-stores/development-stores#the-development-store-password-page, it states that the password can only be removed once the store has been transferred or switch to a paid plan.

You can remove the password page only after you transfer the store to a merchant or switch the store to a paid plan.

However, it is still possible to remove the password by using the GraphQL PreferencesSave operation.

Steps to reproduce

  1. Create a development store using a partner account
  2. From that shop admin, go to Online Store > Preferences
  3. Make any change to the page and intercept the request
  4. Update the passwordProtection.enabled property to false

The store is now paswordless.

Demo

ā–ˆā–ˆā–ˆā–ˆ

Impact

Disable development store password

JSON