[Kroupware] Security Concern regarding Web-Interface
Frank A. Zdarsky
frank.zdarsky at gmx.de
Tue Aug 12 15:29:27 CEST 2003

Hello Kolab Developers,

while looking at the HTML sources of the pages "Modify Existing
{User|Maintainer|Administrator}" of the Kolab Server's web-interface, I
noticed that they contain the respective passwords (and worse: in plain
text!). This should be avoided for at least two reasons:

a) Administrators gain access to the users' passwords, which these tend to
   use on other systems as well
b) The web-pages including the passwords are stored on disk (at least in
   Internet Explorer by default)

Cheers -- Frank