WebSite X5Help Center

 
Axel  
Axel  
User

Here password are clear too .... RGPD/ GDPR... Always not compliant after 1 1/2 yrs ... Does it a normal situation ????  fr

Autor: Axel  
Visitado 1665, Followers 2, Compartido 0  

More 1 yr of alerts on GDPR compliance.

Nothing has been done !!!! It's NOT ACCEPTABLE
Security by Design which is necessary to be compliance is not respected by Incomedia !!!!

And the only answer is that it was difficult to undertsand the offical documentation and to know what was necessary to do... yes yes. I got this answer.tongue-out

Not OK - password are in clear text into the dababase... surprised Now you know 
Not OK - password are in clear text into received email when you said 'I forgot my password'surprised Now you know 

Not Ok - No graphical interface to manage, edit, delete users. Need to go via MyPHPAdmin manually !!! surprised Now you know

Other one for toda !!!!  If you are using user access into your projet open upload\res\access.inc.php

 Ho big surprise, password are in clear text too....tongue-outsurprised ... Now you know

Since long time, I explained that password encoding is done with just one PHP function... No any code to write  , just a php function ready for that..

But NO

More important to focus on content slider, content slider and content slider...

Does this situation is normal ????

Enjoy 

https://wsx5.afsoftware.fr

Publicado en
8 RESPUESTAS - 1 ÚTIL
Tom G.
Tom G.
User

I have checked on the server. You are right. All passwords in clear text!

Leer más
Publicado en de Tom G.
Axel  
Axel  
User
Autor

very secure !!!!laughing

Thanks Incomedia... for their incompetence on this one again.

I go to be removed because my comment is not a good one !!!! tongue-outwink

Leer más
Publicado en de Axel  
Tom G.
Tom G.
User
Wsx5.afsoftware.fr  
I go to be removed because my comment is not a good one !!!!

Oh, no! Not again!

Leer más
Publicado en de Tom G.
Tom G.
Tom G.
User

(It is still in French part of the forum. Does not appear in the English one...)frown

Leer más
Publicado en de Tom G.
Axel  
Axel  
User
Autor

the stupid guy is sleeping... wink

Not able to be frank and to say why he removes our comments... undecided

Leer más
Publicado en de Axel  
Axel  
Axel  
User
Autor

And if your web server is vulnerable, file inclusion attack  is possible to read the file and to retrieve authentication informations  !!!surprisedsurprised

too easy to do.
Demo ?

Obviously not important ... No risks !!!! frowntongue-out

Hello Incomedia what's your opinion ???? 
No risks... We are into "bisounours" world ! foot-in-mouth

Enjoy !

Leer más
Publicado en de Axel  
Incomedia
Stefano G.
Incomedia

Good day everyone

The security matter is of course of utmost importance for us and for this reason we've been working on improving this part specifically as well.

For this reason, I would like to inform you that the upcoming Preview version of the new version of the software will also feature the encoding of the password to make sure that a higher level of security can be provided for the users registered on the website's made with WebSite X5. The same change will also affect that way the password-reset email is built which will be adapted to this new change

I hope I was helpful

Stefano

Leer más
Publicado en de Stefano G.
Axel  
Axel  
User
Autor

Sounds good... tongue-out after a long log time ....

Wait & see

Leer más
Publicado en de Axel