You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@syncope.apache.org by "Francesco Chicchiriccò (Jira)" <ji...@apache.org> on 2019/11/05 09:30:00 UTC
[jira] [Closed] (SYNCOPE-1507) ACT_GE_BYTEARRAY table contains
sensitive information such as password plaintext
[ https://issues.apache.org/jira/browse/SYNCOPE-1507?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Francesco Chicchiriccò closed SYNCOPE-1507.
-------------------------------------------
Resolution: Later
No problem.
Please, for future questions, please check first by sending an e-mail to our user@ mailing list, after [subscription|http://syncope.apache.org/mailing-lists].
> ACT_GE_BYTEARRAY table contains sensitive information such as password plaintext
> --------------------------------------------------------------------------------
>
> Key: SYNCOPE-1507
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1507
> Project: Syncope
> Issue Type: Bug
> Affects Versions: 2.1.1
> Reporter: zhongdongyue
> Priority: Major
> Attachments: image-2019-11-04-17-22-34-128.png, image-2019-11-04-17-54-31-621.png
>
>
> After the user is created, the ACT_GE_BYTEARRAY table still contains user-created information containing sensitive information such as password plaintext, which lacks security.
> # Query user-related serialized data
> # !image-2019-11-04-17-22-34-128.png|width=590,height=150!
> # Export to hexadecimal data
> # Convert hexadecimal to a string (the user name and password are circled in the figure)
> # !image-2019-11-04-17-54-31-621.png|width=526,height=148!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)