#130 WebGUI & user passwords

9.0.0.1
closed
nobody
None
1
2015-05-11
2013-09-26
No

As an administrator you can retrieve all password from all user by inspecting the WebGUI html source code. This seams like quite a bug. Also when you dump the configuration, all passwords can be found in plain text.

Simple solution: encrypt all passwords by standard, maybe only by md5, which already improves the security great!

Related

Bugs: #130

Discussion

  • zoon01
    zoon01
    2015-05-11

    • Status: open --> closed
     
    • Please re-open, this is not fixed.

       
      • zoon01
        zoon01
        2015-06-02

        On 10.1 the admin password has now been encrypted tos ha-256

        Regards,
        Zoon01

        -----Oorspronkelijk bericht-----
        Van: Bob van de Vijver [mailto:bobvandevijver@users.sf.net]
        Verzonden: dinsdag 12 mei 2015 9:03
        Aan: [nas4free:bugs]
        Onderwerp: [nas4free:bugs] Re: #130 WebGUI & user passwords

        Please re-open, this is not fixed.


        [bugs:#130] WebGUI & user passwords

        Status: closed
        Group: 9.0.0.1
        Created: Thu Sep 26, 2013 09:37 AM UTC by Bob van de Vijver Last
        Updated:
        Mon May 11, 2015 04:27 PM UTC
        Owner: nobody

        As an administrator you can retrieve all password from all user by
        inspecting the WebGUI html source code. This seams like quite a bug. Also
        when you dump the configuration, all passwords can be found in plain text.

        Simple solution: encrypt all passwords by standard, maybe only by md5, which
        already improves the security great!


        Sent from sourceforge.net because you indicated interest in
        https://sourceforge.net/p/nas4free/bugs/130/

        To unsubscribe from further messages, please visit
        https://sourceforge.net/auth/subscriptions/

         

        Related

        Bugs: #130