[pmwiki-users] PmWiki AuthUser passwords stored in clear in PHP session files

Stéphane Heckel hsteph at club-internet.fr
Wed Oct 10 09:46:34 CDT 2007


"Christophe David" wrote:

> When using AuthUser, PmWiki stores the user password in clear in a
> session variable.  Therefore, the user password can be read very
> easily by anyone who has access to the server.

Which temporary file contains the password?
I can check my PmWiki/AuthUser/LDAP configuration to reproduce the case.

Thanks

SH 





