syncope-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "zhongdongyue (Jira)" <j...@apache.org>
Subject [jira] [Commented] (SYNCOPE-1507) ACT_GE_BYTEARRAY table contains sensitive information such as password plaintext
Date Tue, 05 Nov 2019 09:27:00 GMT

    [ https://issues.apache.org/jira/browse/SYNCOPE-1507?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16967369#comment-16967369
] 

zhongdongyue commented on SYNCOPE-1507:
---------------------------------------

We chose syncope a year ago, and then downloaded the image from the docker hub. At that time,
the version is still old, we will consider upgrading, thank you very much for your help.

> ACT_GE_BYTEARRAY table contains sensitive information such as password plaintext
> --------------------------------------------------------------------------------
>
>                 Key: SYNCOPE-1507
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1507
>             Project: Syncope
>          Issue Type: Bug
>    Affects Versions: 2.1.1
>            Reporter: zhongdongyue
>            Priority: Major
>         Attachments: image-2019-11-04-17-22-34-128.png, image-2019-11-04-17-54-31-621.png
>
>
> After the user is created, the ACT_GE_BYTEARRAY table still contains user-created information
containing sensitive information such as password plaintext, which lacks security.
>  # Query user-related serialized data
>  # !image-2019-11-04-17-22-34-128.png|width=590,height=150!
>  # Export to hexadecimal data
>  # Convert hexadecimal to a string (the user name and password are circled in the figure)
>  # !image-2019-11-04-17-54-31-621.png|width=526,height=148!



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message