Ticket #4102 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

Passwords stored in clear text

Reported by: libregeek
Assigned to: simmi
Priority: critical
Milestone: 5.0.4
Component: vtigercrm
Version: 5.0.3
Keywords:
Cc:

Description

The webmail password which is used to access the IMAP folders is stored in clear text in the vtiger_mail_accounts table. This is a serious security issue, since the administrators can view others' passwords. The ideal situation may be not to store the email password in the table. There are two options:

1. Try to log in to the IMAP server with the account details of user vtiger (provided the IMAP and vtiger user account are the same)
2. Prompt for the email password when the webmail is accessed.

Change History

08/07/07 23:34:54 changed by mangai

  • owner changed from developer to allen.

08/08/07 06:21:10 changed by libregeek

  • priority changed from unassigned to critical.

What about encrypting the passwords using the mcrypt library?

http://in.php.net/manual/en/ref.mcrypt.php

08/29/07 08:10:24 changed by don

  • owner changed from allen to simmi.

08/30/07 09:39:28 changed by srini

  • status changed from new to closed.
  • resolution set to fixed.

revision 11319

08/31/07 01:08:45 changed by srini

  • status changed from closed to reopened.
  • resolution deleted.

09/07/07 08:39:57 changed by srini

  • status changed from reopened to closed.
  • resolution set to fixed.

This issue is fixed. svn revision 11350

Thanks, Srini
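
The encryption-at-rest idea raised in the comments above, as an added example that is not vtiger's code and not the change made in revision 11350 (which this page does not show). It uses PHP's openssl extension with AES-256-GCM in place of mcrypt, which was removed from PHP core in 7.2; the function names, the stored layout and the binding to a user id are assumptions.

```php
<?php
// Added example, not vtiger code. Assumptions: the 32-byte key lives outside the
// database (config file or environment), and each mail account row has a user id.

// Returns base64(nonce || tag || ciphertext), suitable for a text password column.
// The user id is bound as associated data, so a value copied into another
// user's row fails authentication instead of decrypting.
function encrypt_mail_password(string $plain, int $userId, string $key): string
{
    $nonce = random_bytes(12);          // fresh 96-bit nonce for every encryption
    $tag = '';
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
                          $nonce, $tag, "user:$userId", 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

function decrypt_mail_password(string $stored, int $userId, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {   // 12-byte nonce + 16-byte tag
        throw new RuntimeException('malformed stored value');
    }
    $nonce = substr($raw, 0, 12);
    $tag   = substr($raw, 12, 16);
    $ct    = substr($raw, 28);
    $plain = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
                             $nonce, $tag, "user:$userId");
    if ($plain === false) {
        throw new RuntimeException('authentication failed: wrong key, wrong row or tampered value');
    }
    return $plain;
}

// Constructed demo values; a real key would be loaded from outside the database.
$key    = random_bytes(32);
$stored = encrypt_mail_password('imap-secret', 7, $key);
var_dump(decrypt_mail_password($stored, 7, $key) === 'imap-secret');

try {
    decrypt_mail_password($stored, 8, $key);     // same value placed in user 8's row
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

This keeps the password out of reach of someone who can only read the vtiger_mail_accounts table, but anyone who can also read the key can still decrypt it. Only the reporter's two options, which avoid storing the password at all, remove that exposure.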