Bug #8879: Integrations can cause cleartext password to be lost when sending activation email - CB - Joomlapolis forge

Actions

Copy link

Bug #8879

open

Integrations can cause cleartext password to be lost when sending activation email

Added by krileon over 2 years ago. Updated 3 months ago.

Status:

Assigned

Priority:

Normal

Assignee:

krileon

Target version:

CB 2.9.4

Start date:

04 March 2022

Due date:

% Done:

Estimated time:

Description

A user store done during user user trigger can result in cleartext password being encrypted. This results in password being encrypted in the email as well. This is a problem when using randomly generated passwords as the user won't be able to receive their password.

So far this confirmed happens with CBSubs in the following scenario.

Randomly Generated Passwords: Yes
Admin Approval: No
Email Confirmation: No

In this case password would be sent in the Welcome email, but due to a user store in CBSubs becomes encrypted. Other integrations could easily cause this as well. It would be safer to pass the cleartext password to activateUser function directly and then onto email handling OR as a private variable like _password.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

CB

Custom queries

Bug #8879

Integrations can cause cleartext password to be lost when sending activation email

Updated by krileon over 2 years ago

Updated by beat over 2 years ago

Updated by krileon about 2 years ago

Updated by beat almost 2 years ago

Updated by beat about 1 year ago

Updated by beat about 1 year ago

Updated by beat about 1 year ago

Updated by beat 5 months ago

Updated by beat 3 months ago