Mibew Messenger Community
General => General Discussion => Topic started by: rndagijimana on March 12, 2015, 05:44:30 PM
-
I have run a vulnerability scan and these notifications show up
----------------------------------------------------
User credentials are sent in clear text
-----------------------------------------------------
..../operator/login.php
..../operator/restore.php
------------------------------------------------------
HTML form without CSRF protection
------------------------------------------------------
..../operator/login.php
..../operator/restore.php
How can we avoid these vulnerabilities???
-
I've answered on GitHub because it can be treated as an issue that we should somehow fix. See: https://github.com/Mibew/mibew/issues/115 .
One more thing: you should use either the GitHub issue tracker or the forum, but definitely not both.
-
Hi rndagijimana,
What kind of vulnerability scan tool did you use to find the CSRF and cleartext??
Thanks for your feedback ;)