If the mail server sends an email containing my password in readable form, then my password is available to the mail server in readable form. That means the password exists unencrypted somewhere between the website and the mail server. In most cases a content management system (with a user database) or a webshop system (with some kind of CRM database) is familiar with my account, and both kinds of system use the email server to inform me about all transactions, including account creation. The same can happen when you click a link to the forgotten-password function: some systems resend you the password for your account, so they must be able to read the password from your account in the database.
For me this implies that the CMS and/or CRM system do not store the password in encrypted form, otherwise how can the mailserver get the content for the email? I don't suppose these systems use a brute-force attack to discover your password...
In this case I informed the webshop owner that I suspect that there is a vulnerability in the user management function.
Best practices:
- Use third-party identities (OAuth, OpenID, etc.) to create customer accounts; that way you don't store passwords at all;
- Use a hashing function for passwords in the database (and please pick a secure algorithm);
- If your CMS or CRM cannot store passwords in hashed (or at least encrypted) form, switch to a secure system.
If you encounter sites that email your password (either at create time or at password reset), please inform the webmaster of this vulnerability.