[Kroupware] Security Concern regarding Web-Interface

Frank A. Zdarsky frank.zdarsky at gmx.de
Tue Aug 12 15:29:27 CEST 2003


Hello Kolab Developers,

while looking at the HTML sources of the pages "Modify Existing
{User|Maintainer|Administrator}" of the Kolab Server's web-interface, I
noticed that they contain the respective passwords (and worse: in plain
text!). This should be avoided for at least two reasons:

a) Administrators gain access to the users' passwords, which these tend to
use on other systems as well
b) The web-pages including the passwords are stored on disk (at least in
Internet Explorer by default)

Cheers -- Frank
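
A check for both points raised in the message above, as an added example that is not part of the original post and not Kolab's own code: it scans a rendered "modify" form for password fields that arrive pre-filled and checks whether the response forbids storing the page on disk. The field names, sample pages and header values are constructed for illustration.

```python
from html.parser import HTMLParser

class PrefilledSecretFinder(HTMLParser):
    """Collect <input> fields that send a stored secret back to the browser."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        name = a.get("name", "")
        ftype = a.get("type", "text").lower()
        # Flag by type and by name: a secret in a text or hidden field leaks too.
        looks_secret = ftype == "password" or "pass" in name.lower()
        if looks_secret and a.get("value", "").strip():
            self.findings.append((name, ftype))

def audit_page(html, headers):
    """Return a list of issues for one rendered page and its response headers."""
    finder = PrefilledSecretFinder()
    finder.feed(html)
    finder.close()
    issues = [f"field '{n}' (type={t}) is pre-filled with a value"
              for n, t in finder.findings]
    cache = {k.lower(): v.lower() for k, v in headers.items()}.get("cache-control", "")
    if "no-store" not in cache:
        issues.append("no 'Cache-Control: no-store', browser may keep the page on disk")
    return issues

# Constructed sample: edit form that echoes the stored password (the reported behaviour).
BEFORE = """<form method="post">
<input type="text" name="uid" value="jdoe">
<input type="password" name="password_0" value="constructed-secret">
<input type="password" name="password_1" value="constructed-secret">
</form>"""

# Constructed sample: fields left empty; an empty submission means "keep current password".
AFTER = """<form method="post">
<input type="text" name="uid" value="jdoe">
<input type="password" name="password_0" value="">
<input type="password" name="password_1" value="" />
</form>"""

if __name__ == "__main__":
    for label, page, hdrs in (("before", BEFORE, {}),
                              ("after", AFTER, {"Cache-Control": "no-store"})):
        print(label, audit_page(page, hdrs))
```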



