Mibew Messenger Community

General => General Discussion => Topic started by: rndagijimana on March 12, 2015, 05:44:30 PM

Title: Security Audit report queries
Post by: rndagijimana on March 12, 2015, 05:44:30 PM
I have run a vulnerability scan and these notifications show up
----------------------------------------------------
User credentials are sent in clear text
-----------------------------------------------------
..../operator/login.php
..../operator/restore.php
------------------------------------------------------
HTML form without CSRF protection
------------------------------------------------------
..../operator/login.php
..../operator/restore.php

How can we avoid these vulnerabilities???


Title: Re: Security Audit report queries
Post by: Dmitriy Simushev on March 16, 2015, 10:34:44 AM
I've answered on GitHub because it can be treated as an issue that we should somehow fix. See: https://github.com/Mibew/mibew/issues/115

One more thing: you should use either the GitHub issue tracker or the forum, but definitely not both.


Title: Re: Security Audit report queries
Post by: stormbyte on May 02, 2015, 08:11:07 PM
Hi rndagijimana,

What kind of vulnerability scan tool did you use to find the CSRF and cleartext??

Thanks for your feedback ;)