All passwords of other networks exposed in pconfig table

Question

All passwords of other networks exposed in pconfig table

Closed this issue 10 years ago · 3 comments

This is a big security issue. When an admin searches for 'password' in the pconfig table it gives all passwords of hub members from third party social networks. These are there because of crosspost plugins. I see passwords from Diaspora, Wordpress, other RedMatrix accounts and Friendica. I know this is plugin related, but because all plugins are involved and because I believe this should be resolved on a higher level, I post this issue here.

Answer 1 · 2015-03-28T23:27:29.000Z

Thank you Mike for fixing this quickly. Does this also obscure the existing passwords?

I disabled the addons on my hub, removed the plain text passwords from the pconfig table and advised my hub members to change the relevant passwords. I advise other hub admin to do at least the latter one also.

I will enable these plugins again after I have time to test it.

Answer 2 · 2015-04-01T19:18:11.000Z

Tested and all passwords are now encrypted. Thanks again for the quick fix Mike.

Answer 3 · 2015-04-02T14:58:10.000Z

This issue was moved to redmatrix/redmatrix#2