WebSite X5 Help Center

 
Axel  
User

Here passwords are in clear too .... RGPD/GDPR... Still not compliant after 1 1/2 yrs ... Is this a normal situation ????

Author: Axel
Visited 1372, Followers 2, Shared 0

More than 1 yr of alerts on GDPR compliance.

Nothing has been done !!!! It's NOT ACCEPTABLE
Security by Design, which is necessary to be compliant, is not respected by Incomedia !!!!

And the only answer is that it was difficult to understand the official documentation and to know what was necessary to do... yes yes. I got this answer.

Not OK - passwords are in clear text in the database... Now you know
Not OK - passwords are in clear text in the email received when you say 'I forgot my password'. Now you know

Not OK - No graphical interface to manage, edit, delete users. Need to go via phpMyAdmin manually !!! Now you know

Another one for today !!!! If you are using user access in your project, open upload\res\access.inc.php

Oh, big surprise, passwords are in clear text too.... Now you know

For a long time, I have explained that password encoding is done with just one PHP function... No code to write, just a PHP function ready for that..

But NO

More important to focus on content slider, content slider and content slider...

Is this situation normal ????

Enjoy 

https://wsx5.afsoftware.fr

8 REPLIES - 1 USEFUL
Tom G.
User

I have checked on the server. You are right. All passwords in clear text!

Posted by Tom G.
Axel
User
Author

Very secure !!!!

Thanks Incomedia... for their incompetence on this one again.

I am going to be removed because my comment is not a good one !!!!

Posted by Axel
Tom G.
User
Wsx5.afsoftware.fr
I am going to be removed because my comment is not a good one !!!!

Oh, no! Not again!

Posted by Tom G.
Tom G.
User

(It is still in the French part of the forum. It does not appear in the English one...)

Posted by Tom G.
Axel
User
Author

The stupid guy is sleeping...

Not able to be frank and to say why he removes our comments...

Posted by Axel
Axel
User
Author

And if your web server is vulnerable, a file inclusion attack is possible to read the file and to retrieve authentication information !!!

Too easy to do.
Demo ?

Obviously not important ... No risks !!!!

Hello Incomedia, what's your opinion ????
No risks... We are in a "bisounours" world !

Enjoy !

Posted by Axel
Stefano G.
Incomedia

Good day everyone

The security matter is of course of utmost importance for us and for this reason we've been working on improving this part specifically as well.

For this reason, I would like to inform you that the upcoming Preview version of the new version of the software will also feature the encoding of the password to make sure that a higher level of security can be provided for the users registered on the websites made with WebSite X5. The same change will also affect the way the password-reset email is built, which will be adapted to this new change.

I hope I was helpful

Stefano

Posted by Stefano G.
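
The two changes discussed in this thread, hashed storage with PHP's built-in password functions and a reset flow that emails a one-time token instead of the password, shown as an added example. It is not WebSite X5 or Incomedia code; the `$users` array, its field names and the helper function names are assumptions standing in for a real user table.

```php
<?php
// Added example, not WebSite X5 code; $users stands in for a hypothetical users table.
$users = ['alice' => ['password' => 'Winter2019!', 'reset' => null, 'expires' => 0]]; // constructed legacy row

function isHashed(string $stored): bool {
    // password_get_info() reports no algorithm for strings that are not password_hash() output.
    return !empty(password_get_info($stored)['algo']);
}

function setPassword(array &$users, string $name, string $password): void {
    $users[$name] = ['password' => password_hash($password, PASSWORD_DEFAULT), 'reset' => null, 'expires' => 0];
}

function login(array &$users, string $name, string $password): bool {
    if (!isset($users[$name])) { return false; }
    $stored = $users[$name]['password'];
    $ok = isHashed($stored) ? password_verify($password, $stored)
                            : hash_equals($stored, $password); // legacy clear-text row
    if ($ok && (!isHashed($stored) || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        setPassword($users, $name, $password); // upgrade on login: clear text leaves the store
    }
    return $ok;
}

function startReset(array &$users, string $name): ?string {
    if (!isset($users[$name])) { return null; }
    $token = bin2hex(random_bytes(32));               // emailed as a one-time link, never the password
    $users[$name]['reset'] = hash('sha256', $token);  // only the digest is stored
    $users[$name]['expires'] = time() + 3600;
    return $token;
}

function finishReset(array &$users, string $name, string $token, string $new): bool {
    $u = $users[$name] ?? null;
    if ($u === null || $u['reset'] === null || time() > $u['expires']
        || !hash_equals($u['reset'], hash('sha256', $token))) {
        return false;
    }
    setPassword($users, $name, $new); // stores a fresh hash and clears the token
    return true;
}

var_dump(login($users, 'alice', 'Winter2019!'));   // first login against the legacy row
var_dump(isHashed($users['alice']['password']));   // inspect what is stored after that login
$token = startReset($users, 'alice');
var_dump(finishReset($users, 'alice', $token, 'correct horse battery'));
var_dump(login($users, 'alice', 'Winter2019!'));   // try the old password after the reset
```

Upgrading on login only converts accounts that actually sign in; rows that never log in again still hold clear text and need a forced reset.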
Axel
User
Author

Sounds good... after a long long time ....

Wait & see

Posted by Axel