Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#130 WebGUI & user passwords

9.0.0.1
open
nobody
None
1
2013-09-26
2013-09-26
No

As an administrator you can retrieve all password from all user by inspecting the WebGUI html source code. This seams like quite a bug. Also when you dump the configuration, all passwords can be found in plain text.

Simple solution: encrypt all passwords by standard, maybe only by md5, which already improves the security great!

Discussion