[pmwiki-users] PmWIki AuthUser passwords stored in clear in PHPsession files
Stéphane Heckel
hsteph at club-internet.fr
Wed Oct 10 09:46:34 CDT 2007
"Christophe David" wrote :
> When using AuthUser, PmWIki stores the user password in clear in a
> session variable. Therefore, the user password can be read very
> easily by anyone who has access to the server.
which temporary file contains the password ?
I can check my PmWiki/AuthUser/ldap configuration to reproduce the case
Thanks
SH
More information about the pmwiki-users
mailing list