Security issue with “export settings” : non encoded passwords

  • Resolved chrissmith1534

    (@chrissmith1534)


    6 months, 1 week ago

    Hi,

    When one exports its settings from wpvivid, all passwords and tokens are displayed without encryption. This is a real security issue if 1/ a website is compromised or shared with the client 2/ single account (ftp, ftps or other providers) is used for backup up several websites and one of them is compromised, allowing attackers to compromise a number of other backups.

    What mitigation do you recommend ?

    Best,

    Chris

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support tonyrobins

    (@tonyrobins)

    Hello @chrissmith1534

    Passwords of cloud storage are already encrypted in the database. So exported passwords are also encrypted.

    All the best,

    WPvivid Support Team

    Plugin Support tonyrobins

    (@tonyrobins)

    Hi @chrissmith1534

    The team has discussed your case. We are going to encrypt tokens of cloud storage as well in the next public release.

    However, it is worth noting that as necessary safety measures,

    1. It’s recommended to limit access sharing, at least avoid sharing access with untrusted individuals.
    2. Enhance the overall website security to ensure that it will not get compromised.

    All the best,

    Thread Starter chrissmith1534

    (@chrissmith1534)

    You are right, it was encrypted. Thanks for your quick answer.

    Best regards

    Plugin Support tonyrobins

    (@tonyrobins)

    You are welcome.

    All the best,

    WPvivid Support Team

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Security issue with “export settings” : non encoded passwords’ is closed to new replies.

Tags