View Issue Details
ID: 0012822
Project: phplist application
Category: Configuration
View Status: public
Date Submitted: 04-01-08 03:01
Last Update: 21-02-13 23:56
Target Version: 4.0.x
Fixed in Version: 2.11.0
Summary: 0012822: Database stores passwords in plain text
Description: I noticed that the admin database stores passwords in plain text. This is a huge security risk. Not only does it open up the script to outside hackers if they ever get a hold of the database, but a malicious admin with access to the database can possibly use those passwords to gain access to other sites and products where the stored username and password combinations may also be valid.
At the very least, an MD5 hash should be used to obfuscate the passwords, and preferably, a salted password MD5 hash, or both to avoid collisions, should be used.
Tags: No tags attached.
Yes, true, would be good to encrypt them. Thing is, in that case, you can't send a password reminder, so you'd have to send a "password change token" instead.
That's quite a big change. Claudio, can you work on this?
Yes. I've been working on this, in the dev version.
1) I have added the possibility to encrypt passwords by setting a config flag. This way, when an admin is added or updated, his password is stored encrypted.
2) If the admin has problems or simply forgets his password, instead of sending an email with the new password, an email is sent with a new link which points to a password update page. The link is based on a token, given to allow only that person to change that password.
3) If the link is accessed after 24 hours, the password update is denied and the request is erased. This way, the admin should perform a new password request.
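The three points above describe one procedure: hash on admin add/update, email a reset token instead of the password, and refuse and erase the request once the token is older than 24 hours. The following is an added illustration of that flow written for this page in Python; it is not phpList code (phpList is PHP and keeps admins in MySQL), and the in-memory `ADMINS` and `RESET_REQUESTS` stores, the `pbkdf2_sha256$...` storage format and all function names are assumptions made for the example. It uses salted PBKDF2 rather than the MD5 the reporter suggested, and stores only a hash of the reset token so that reading the database does not yield a usable reset link.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

# Constructed in-memory stand-ins for the admin and reset-request tables
# (assumption for this example; not phpList's schema).
ADMINS: Dict[str, str] = {}                       # login -> password hash string
RESET_REQUESTS: Dict[str, Tuple[str, float]] = {} # sha256(token) -> (login, created_at)

PBKDF2_ITERATIONS = 200_000
TOKEN_LIFETIME_SECONDS = 24 * 3600                # point 3: links die after 24 hours


def hash_password(password: str) -> str:
    """Salted PBKDF2-HMAC-SHA256; the stored string carries its own parameters
    so the iteration count can be raised later without breaking old rows."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt/iterations and compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iterations, salt_hex, digest_hex = parts
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def set_admin_password(login: str, password: str) -> None:
    """Point 1: on add/update only the hash reaches the store, never the password."""
    ADMINS[login] = hash_password(password)


def request_password_reset(login: str, now: Optional[float] = None) -> Optional[str]:
    """Point 2: return a single-use token to embed in the emailed link.
    Only sha256(token) is persisted, so a database dump gives no usable link."""
    if login not in ADMINS:
        return None  # caller should still answer neutrally to avoid login enumeration
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    RESET_REQUESTS[hashlib.sha256(token.encode()).hexdigest()] = (login, now)
    return token


def redeem_reset_token(token: str, new_password: str, now: Optional[float] = None) -> bool:
    """Point 3: a token older than 24 hours is refused and its request erased;
    a valid token sets the new password and is consumed so it cannot be replayed."""
    now = time.time() if now is None else now
    key = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_REQUESTS.pop(key, None)  # pop() erases the request either way
    if entry is None:
        return False
    login, created_at = entry
    if now - created_at > TOKEN_LIFETIME_SECONDS:
        return False  # expired: admin must start a new request
    set_admin_password(login, new_password)
    return True


if __name__ == "__main__":
    set_admin_password("alice", "correct horse")
    t0 = 1_700_000_000.0
    token = request_password_reset("alice", now=t0)
    print("fresh token accepted:", redeem_reset_token(token, "new pass", now=t0 + 3600))
    print("replay rejected:", redeem_reset_token(token, "again", now=t0 + 3600))
    late = request_password_reset("alice", now=t0)
    print("25h-old token rejected:", redeem_reset_token(late, "late", now=t0 + 25 * 3600))
```

The expiry check is done against the creation time stored with the request rather than inside the token, so the token itself carries no information an attacker could tamper with; popping the entry before checking age means both the "used" and the "expired" paths leave nothing behind, which is the erasure point 3 asks for.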
Ok, changes were made.
New features are available for testing.