on 05-06-2013 2:11 PM
Hi Experts, I discovered a big hole in the security of ID<-->XI: the connection between "ID" and "XI" is "HTTP", so using any sniffer it is possible to view all XMLs of the communication channels, including the configured passwords.
How it works:
ID -> XI:
ID sends decrypted passwords, and XI encrypts and stores them (they can be seen encrypted in the rwm cache)
XI -> ID:
XI decrypts the passwords and sends them to ID
Is there any solution to this problem? (The good side of this problem is that it is possible to retrieve forgotten passwords of CCs :D)
Something that could be improved is that the password will decrypt the ID....
Best Regards.
Hi Maximiliano,
Is there any solution to this problem?
Use of HTTPS for example?
/Udo
This is no security hole, this is just how the HTTP protocol works... The password goes unencrypted over the line.
Like Udo proposed, use https instead of http.
Kr. Mark