Password Transmission And Storage

FYI

http://forum.cs-cart.com/tracker/issue-5118-password-transmission-and-storage/



There are two problematic issues with how CS Cart sends profile updates containing the password in the clear every time a user updates their profile.

Two aspects:

  1. password is sent as plain text and someone could intercept that email and use the password

  2. the fact that the existing password can be sent in the email indicates that it hasn’t been stored on their system as a one-way hash, i.e. the password is either stored unencrypted or can be extracted from storage using a stored secret

The two aspects above are security vulnerabilities and constitute bad practice for web applications.

[quote name='japanexp' timestamp='1402985492' post='185874']

FYI

http://forum.cs-cart…on-and-storage/

There are two problematic issues with how CS Cart sends profile updates containing the password in the clear every time a user updates their profile.

Two aspects:

  1. password is sent as plain text and someone could intercept that email and use the password

  2. the fact that the existing password can be sent in the email indicates that it hasn’t been stored on their system as a one-way hash, i.e. the password is either stored unencrypted or can be extracted from storage using a stored secret

The two aspects above are security vulnerabilities and constitute bad practice for web applications.

[/quote]



The password is sent in plain text for the new registered customers only. All passwords are stored in the database using secure salted password hashing (md5) and there is no way to unencrypt them.

And a small additional clarification… The new customer email that is sent is done while the POSTed data is still present. I.e. the password is seen and then salted/encrypted/stored but the unencrypted version is still available at that point. It only exists in memory and if you're using https, then very low risk of a compromise (unless of course you have resident malware then nothing is secure).

Thanks for clarification, my assessment was incorrect.

So is there a way to prevent showing the password in the profile update email?

I think it's important.

You can use the update_user_pre hook in the fn_update_user function (app/functions/fn.users.php) and set the send_password parameter always to false.

I could not manage to fix $send_password so I just removed the password from the mail setup in the two instances:



'data' => array(
    // 'password' => $original_password,
    // 'send_password' => $send_password,
    'user_data' => $user_data
),
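
The flow discussed in the replies above (hash the posted password for storage, keep the plaintext out of the notification mail), as an added PHP example that is not CS-Cart code and not any poster's code. All function names, field names and sample data are hypothetical, it assumes the posted user data may itself carry password fields, and it uses PHP's password_hash() rather than the salted MD5 mentioned in the thread.

```php
<?php
// Added example; not CS-Cart code. All names below are hypothetical.

// Keys that must never reach a mail template (constructed list).
const SECRET_FIELDS = ['password', 'password1', 'password2', 'send_password'];

// Store only a salted one-way hash; the plaintext exists only during this request.
function store_credentials(array $posted): array
{
    return [
        'email'         => $posted['email'],
        // password_hash() generates a random salt and embeds it in its output.
        'password_hash' => password_hash($posted['password'], PASSWORD_DEFAULT),
    ];
}

// Build the data handed to the mail template, dropping secrets at every depth.
function mail_safe_data(array $data): array
{
    $clean = [];
    foreach ($data as $key => $value) {
        if (in_array($key, SECRET_FIELDS, true)) {
            continue; // skip the secret instead of passing it to the template
        }
        $clean[$key] = is_array($value) ? mail_safe_data($value) : $value;
    }
    return $clean;
}

// Constructed sample of a profile-update POST.
$posted = ['email' => 'user@example.com', 'password' => 'correct horse battery'];

$record = store_credentials($posted);
$mail   = mail_safe_data([
    'password'      => $posted['password'], // the field commented out in the post above
    'send_password' => true,
    'user_data'     => $posted,             // nested copy of the POSTed fields
]);

// The stored record can verify the password but cannot reproduce it.
var_dump(password_verify($posted['password'], $record['password_hash']));
var_dump(strpos($record['password_hash'], $posted['password']) === false);

// Only non-secret fields remain, including inside user_data.
var_dump($mail);
```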