Password Sec Issue | ww.wp.xz.cn

Resolved Tano
(@tanohex)

4 years, 2 months ago

Hello,

As per this report here (2016), the plugin (v1.2.3) still stores the server address and login information in plain text, inside the database.

This is a very dangerous practice, that led to a massive breach…

Isn’t anything that can be done to patch this hole?
I mean come on, 6 years have passed, can’t you just at least encode the password?

Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)

beatrice12
(@beatrice12)

4 years, 2 months ago

Hello @tanohex,

Thank you for reaching out to us!

I opened a ticket with our development team regarding this and we will solve it in our future update. Here is the ticket so you can see the progress: https://github.com/WPChill/wp-smtp/issues/4

Warmly,
Beatrice.

Thread Starter Tano
(@tanohex)

4 years, 2 months ago

Fixed in v1.2.4 and probably will be further improved in the future.

Thanks a lot @beatrice12 !

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Password Sec Issue’ is closed to new replies.

2 replies
2 participants
Last reply from: Tano
Last activity: 4 years, 2 months ago
Status: resolved