
[Dolibarr-bugtrack] [Bug #1818] Passwords in clear in llx_user table


From: Doliforge
Subject: [Dolibarr-bugtrack] [Bug #1818] Passwords in clear in llx_user table
Date: Sun, 01 Feb 2015 12:18:28 +0100


Passwords in clear in llx_user table

Snapshot

 Details
Submitted by:  Cyril (tchap)
Submitted on:  2015-02-01 12:18
Last Modified On:  2015-02-01 12:18
Summary:  Passwords in clear in llx_user table
Description:  The "pass" column of the table "llx_user" contains all the user passwords in clear. It's a security problem since any user able to do an export can retrieve all the passwords in plain text.
If the database is compromised (read-only), a third person can have access to all the passwords in plain text.

Storing the passwords like that in the database has no use and poses a security threat as far as I can tell.
Step to reproduce bug:
Detected in version:  3.6.2
Category:  Security
Severity:  5 - Major
OS Type/Version:  Debian wheezy
PHP version:  PHP 5.4.36-0+deb7u3
Database type and version:  mysql Ver 14.14 Distrib 5.5.40
 Status
Status:  Open
Assigned to:  None
Resolution:  None
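
The remediation this report implies, as an added example that is not part of the original report and not Dolibarr's own code: replace each cleartext value in `pass` with a salted, slow hash and verify logins against the hash. Only the table name `llx_user` and the column `pass` come from the report; the `login` and `pass_hash` columns, the sample rows, the in-memory SQLite database standing in for MySQL, and the choice of PBKDF2-HMAC-SHA256 are assumptions.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune to your hardware

def hash_password(password, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' with a fresh random salt."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())

def verify_password(password, stored):
    """Recompute the hash from the stored parameters and compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(dk, bytes.fromhex(hash_hex))
    except (AttributeError, ValueError):  # NULL or malformed stored value
        return False

def migrate(conn, iterations=ITERATIONS):
    """Hash every cleartext 'pass' into pass_hash (hypothetical column), then blank 'pass'."""
    rows = conn.execute("SELECT rowid, pass FROM llx_user "
                        "WHERE pass IS NOT NULL AND pass <> ''").fetchall()
    for rowid, clear in rows:
        conn.execute("UPDATE llx_user SET pass_hash = ?, pass = NULL WHERE rowid = ?",
                     (hash_password(clear, iterations), rowid))
    conn.commit()
    return len(rows)

def check_login(conn, login, password):
    row = conn.execute("SELECT pass_hash FROM llx_user WHERE login = ?",
                       (login,)).fetchone()
    return row is not None and verify_password(password, row[0])

def demo_db():
    """Constructed sample data; schema beyond llx_user.pass is assumed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE llx_user (login TEXT UNIQUE, pass TEXT, pass_hash TEXT)")
    conn.executemany("INSERT INTO llx_user (login, pass) VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "hunter2")])
    return conn

if __name__ == "__main__":
    conn = demo_db()
    print("rows migrated:", migrate(conn))
    print("export now shows:", conn.execute("SELECT login, pass, pass_hash FROM llx_user").fetchall())
    print("alice can still log in:", check_login(conn, "alice", "correct horse"))
```

After migration an export or read-only dump of the table yields only per-user salts and hashes; cleartext copies that already exist in backups or earlier exports are unaffected and need separate handling.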
