Author Topic: Security Audit report queries  (Read 7637 times)

0 Members and 1 Guest are viewing this topic.

rndagijimana

  • Jr. Member
  • **
  • Posts: 1
Security Audit report queries
« on: March 12, 2015, 05:44:30 PM »
I have run a vulnerability scan and these notifications show up
----------------------------------------------------
User credentials are sent in clear text
-----------------------------------------------------
..../operator/login.php
..../operator/restore.php
------------------------------------------------------
HTML form without CSRF protection
------------------------------------------------------
..../operator/login.php
..../operator/restore.php

how can we avoid these vulnalbilities???



Dmitriy Simushev

  • Native
  • *****
  • Posts: 345
Re: Security Audit report queries
« Reply #1 on: March 16, 2015, 10:34:44 AM »
I've answered at the GitHub because it can be treated as an issue that we should somehow fix. See: https://github.com/Mibew/mibew/issues/115 .

One more thing: you should use either github issue tracker or the forum, but definitely not both.
« Last Edit: March 16, 2015, 11:31:58 AM by Dmitriy Simushev »

stormbyte

  • Jr. Member
  • **
  • Posts: 1
    • AKAOMA
Re: Security Audit report queries
« Reply #2 on: May 02, 2015, 08:11:07 PM »
Hi rndagijimana,

What kind of vulnerability scan tool did you use to find the CSRF and cleartext ??

Thanks for your feedback  ;)