Logs showing plain password October 04, 2019, 10:59:45 AM The application storing the new user registrations with passwords in plain text. Security issue.. Quote Selected
Re: Logs showing plain password Reply #1 – October 04, 2019, 12:39:56 PM There's option to save password in plain text or hash the password using(BCRYPT,SHA1,MD5...) before saving. Probably you have chosen to save as plain text. Please verify before you post something like this. Quote Selected
Re: Logs showing plain password Reply #2 – October 07, 2019, 03:27:22 AM Hi Emman,The password storing into database is encrypted (MD5).Im talking about the LOGS file. Could you advise plz? Quote Selected
Re: Logs showing plain password Reply #3 – October 08, 2019, 06:31:56 AM Hi Emman, Any updates?sometimes, Silence is considered as acceptance.Hopes some other public forum members could verify this issue themselves too. Because if this is actual case, the PHPRAD deve team have to work on this matter too. Quote Selected
Re: Logs showing plain password Reply #4 – October 08, 2019, 11:10:49 AM @vvcares what action did you take that logged your password? Quote Selected
Re: Logs showing plain password Reply #5 – October 08, 2019, 02:37:39 PM Hi,1. PHPRAD project > enable >Authentication 2. Assign DB tables3. Allow users to register4. Set Audit Trail Log > FILE5. Registration page > Password field > set as PASSWORD & MD5 hashing6. Do a test user registration.7. The audit trail log file will show the password in plain text.8. Actually the PHPRAD is work very well. Im ok to exclude this USERS ADD page from audit log settings.Just the password field is in plain text (only on AUDIT TRAIL FILE) and need attention on that part for security measure..And finally,Im just a favourable user of this PHPRAD. I wondered about this issue, and seeking your valuable advise. Kindly reply to the forum members as -- what is the scenario, how to reproduce the issue etc.,..-- instead of using some laymen term replies like "Please verify before you post something like this."Thank you Quote Selected 1 Likes
Re: Logs showing plain password Reply #7 – October 17, 2019, 03:56:12 AM This brand is dying itself by not responding to people questions.If the question is user's mistake, support will reply instantly within a day.If the question is related to product's bug (a few as i know well..), they never ever get back even for months-years. Quote Selected
Re: Logs showing plain password Reply #8 – October 17, 2019, 12:17:48 PM @srajansgp the issue was replicated and confirmed, and it has been relayed to the dev. Quote Selected
Re: Logs showing plain password Reply #9 – October 17, 2019, 03:44:13 PM @srajansgp got a reply from the dev team. it is not a bug, but the next release will address the issue of displaying the password as plain text. Quote Selected
Re: Logs showing plain password Reply #10 – October 17, 2019, 11:42:15 PM @willvin , thats a nice reply. Thank you for your kind response to the forum. Quote Selected
Topic: Logs showing plain password (Read 2421 times)
previous topic - next topic
Track issues, Ask questions, Make suggestions,Report a bug