I find a security problem in Mantis 1.0.0-rc3
I desactivate the creation of account by email.
Only administrator can create user by the interface. The problem is that
password appears in clear in the data base.
When the user changes his password the same problem appears.
Password must be encrypted in the database NO ?
I made modification for encrypt password in MD5 in core/user_api.php. I give
you my modifications.
When do you think of this ?
Do you see another solution ?
Can you resolve the problem fastly ?
Thanks a lot ...
Best Regards from Paris
Carole alias Brunette
Get latest updates about Open Source Projects, Conferences and News.