Submitting the password to an api hosted externally

[shivi1809]

The app appears to submit the PW to an api hosted externally, and without this validation it appears to pass all passwords as correct (even if listed in the block list)
When the API was blocked by the firewall it started to fail in this way. this aspect was not listed in any documentation so was missed in vetting initially but picked up in testing. We picked this up in our internal testing.
This destroys the entire purpose of using password filter in an organization for security. No one wants to send there passwords outside. Is it intentional? Is there any work around?

[athano]

@shivi1809 what API are you talking about? Can you link the code where it does that or provide the URL of the API it's trying to submit to?

From reading the code it just checks via a localhost socket which it hosts on port 5999