[jira] [Updated] (SYNCOPE-1507) ACT_GE_BYTEARRAY table contains sensitive information such as password plaintext

zhongdongyue (Jira) Mon, 04 Nov 2019 17:12:37 -0800


     [ 
https://issues.apache.org/jira/browse/SYNCOPE-1507?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


zhongdongyue updated SYNCOPE-1507:
----------------------------------
    Summary: ACT_GE_BYTEARRAY table contains sensitive information such as 
password plaintext  (was: ACT_GE_BYTEARRAY表中包含密码明文等敏感信息)

> ACT_GE_BYTEARRAY table contains sensitive information such as password 
> plaintext
> --------------------------------------------------------------------------------
>
>                 Key: SYNCOPE-1507
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1507
>             Project: Syncope
>          Issue Type: Bug
>    Affects Versions: 2.1.1
>            Reporter: zhongdongyue
>            Priority: Major
>         Attachments: image-2019-11-04-17-22-34-128.png, 
> image-2019-11-04-17-54-31-621.png
>
>
> 创建用户后，ACT_GE_BYTEARRAY表中仍然存有包含密码明文等敏感信息的用户创建信息，缺乏安全性。
>  # 查询出用户相关的序列化数据
>  # !image-2019-11-04-17-22-34-128.png|width=590,height=150!
>  # 导出为16进制数据
>  # 将16进制转换为字符串(图中圈出的即为用户名及密码)
>  # !image-2019-11-04-17-54-31-621.png|width=526,height=148!



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (SYNCOPE-1507) ACT_GE_BYTEARRAY table contains sensitive information such as password plaintext

Reply via email to