Dynamics Login Details Stored in plain text

  • Resolved robadams22

    (@robadams22)


    6 years, 10 months ago

    On reviewing the Dynamics Integration page of the plugin in Firebug I note that all the login details are returned to the client in plain text. These login details are available to any WordPress user who is an admin or has access to the plugin config page.

    On checking the options storage in the database we noted that all the options are save to the database with no hashing or encryption under msdyncrm_options.

    While the rest of the plugin is great these are pretty major issues for use in our scenario. As a fix all we would need is the data in the options table encoded and the password not to be returned as plain text to the admin page.

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author alexacrm

    (@alexacrm)

    Hi @robadams22

    Good catch, looks like the leftovers from the previous implementation. Definitely needs to be fixed. Let me discuss it with the team to see what we can do asap

    George
    AlexaCRM

    Hi there.

    We are looking to implement this plugin. However, we found this on the forum and it makes us hesitant.

    Any word on when this will be fixed?

    Plugin Contributor wizardist

    (@wizardist)

    Hi

    The issue has been addressed in the latest update!

    Thanks.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Dynamics Login Details Stored in plain text’ is closed to new replies.