Web Connect logging user names and passwords in plaintext.

Open Andrew-Precht opened this issue 11 years ago • 2 comments

Hi all, I was looking over the application logs on the Server 2012 that I have Web Connect installed on. I noticed that user names and passwords are being logged in plaintext. This can't be by design?

Oct 21 '14 21:10 Andrew-Precht

It is Version 1.2.0.320 installed on Server 2012 R2. debug is set to false. If there is anything I can do to help troubleshoot this, please let me know...

Oct 30 '14 19:10 Andrew-Precht

I think the reason is that user and password are sent by GET in the URL. See issue #99 that I just opened. User and password are also in the browser log/history. So everybody with access to the browser is able to get user and and password.

Jul 09 '15 12:07 webnew