
Password is not encrypted issue

Open Keertesh opened this issue 1 year ago • 4 comments

  • Your ABP Framework 7.3.1.
  • Your Angular
  • Your database provider(EF Core)
  • Issue:
  • At the time of the audit, it was observed that the username and password are in text format. A Cleartext Storage of Sensitive Information vulnerability refers to a security issue where sensitive or confidential data is stored in plain text (i.e., unencrypted) form on a system or network. This means that the data is not protected from unauthorized access, and anyone with access to the system or network can read the information without any encryption or decryption processes.
  • Steps needed to reproduce the problem:
  • Run the application.
  • Then log in. @maliming

Keertesh avatar Feb 06 '24 06:02 Keertesh

Where did you see the username and password as plain text? In logs, or in the database (which table)? Can you please give us more details about it?

sephit avatar Feb 06 '24 13:02 sephit

image

Keertesh avatar Feb 07 '24 05:02 Keertesh

This is not a problem on HTTPS.

image

maliming avatar Feb 07 '24 05:02 maliming

Okay, thanks.

Keertesh avatar Feb 07 '24 05:02 Keertesh