Author Topic: Security Audit report queries (Read 7496 times)

rndagijimana · « **on:** March 12, 2015, 05:44:30 PM »

I have run a vulnerability scan and these notifications show up
----------------------------------------------------
User credentials are sent in clear text
-----------------------------------------------------
..../operator/login.php
..../operator/restore.php
------------------------------------------------------
HTML form without CSRF protection
------------------------------------------------------
..../operator/login.php
..../operator/restore.php

how can we avoid these vulnalbilities???

Dmitriy Simushev · « **Reply #1 on:** March 16, 2015, 10:34:44 AM »

I've answered at the GitHub because it can be treated as an issue that we should somehow fix. See: https://github.com/Mibew/mibew/issues/115 .

One more thing: you should use either github issue tracker or the forum, but definitely not both.

stormbyte · « **Reply #2 on:** May 02, 2015, 08:11:07 PM »

Hi rndagijimana,

What kind of vulnerability scan tool did you use to find the CSRF and cleartext ??

Thanks for your feedback

Mibew Web Messenger

News:

Author Topic: Security Audit report queries (Read 7496 times)

rndagijimana

Security Audit report queries

Dmitriy Simushev

Re: Security Audit report queries

stormbyte

Re: Security Audit report queries