Security Audit report queries
rndagijimana:
I have run a vulnerability scan and these notifications show up
----------------------------------------------------
User credentials are sent in clear text
-----------------------------------------------------
..../operator/login.php
..../operator/restore.php
------------------------------------------------------
HTML form without CSRF protection
------------------------------------------------------
..../operator/login.php
..../operator/restore.php
How can we avoid these vulnerabilities?
Dmitriy Simushev:
I've answered on GitHub because it can be treated as an issue that we should somehow fix. See: https://github.com/Mibew/mibew/issues/115
One more thing: you should use either the GitHub issue tracker or the forum, but definitely not both.
stormbyte:
Hi rndagijimana,
What kind of vulnerability scan tool did you use to find the CSRF and cleartext?
Thanks for your feedback ;)