Details

    • Type: Technical Task
    • Status: Open
    • Resolution: Unresolved
    • Affects Version/s: 7.2.10 DXP FP2
    • Fix Version/s: None
    • Labels:
      None

      Description

      Visiting a user's account settings displays their custom security question / answer pair in plain text, as well as their answer to a preset question.

      Expected
      Obfuscated with character replacement with a reveal/hide icon.

      Actual
      Allows an observer and/or impersonator to gain account information or access.

        Attachments

        1. plain-text.jpg (25 kB)
        2. plain-text.jpg (25 kB)
        3. reminder-displays-plain-text.jpg (31 kB)

            People

            • Assignee:
              sharry.shi Sharry Shi
              Reporter:
              lee.jordan1 Lee Jordan
              Recent user:
              Lee Jordan

              Dates

              • Created:
                Updated:
                Days since last comment:
                3 weeks, 6 days ago