As an administrator you can retrieve all password from all user by inspecting the WebGUI html source code. This seams like quite a bug. Also when you dump the configuration, all passwords can be found in plain text.
Simple solution: encrypt all passwords by standard, maybe only by md5, which already improves the security great!
Log in to post a comment.