← Back to team overview

mahara-contributors team mailing list archive

  1. mahara-contributors team
  2. Mailing list archive
  3. Message #09324

[Bug 1016253] [NEW] Authenticated RSS feeds should encrypt login credentials

  Thread PreviousDate PreviousThread Next 
Public bug reported:

The externalfeed block should protect user credentials when
authenticated RSS feeds are used.  The blocktype in Mahara 1.8.1 appears
to store login credentials in cleartext within the database.

This presents an unfortunate vulnerability that could give access to
other systems should Mahara's database be compromised.

** Affects: mahara
     Importance: Undecided
         Status: New


** Tags: enhancement rss security

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/1016253

Title:
  Authenticated RSS feeds should encrypt login credentials

Status in Mahara ePortfolio:
  New

Bug description:
  The externalfeed block should protect user credentials when
  authenticated RSS feeds are used.  The blocktype in Mahara 1.8.1
  appears to store login credentials in cleartext within the database.

  This presents an unfortunate vulnerability that could give access to
  other systems should Mahara's database be compromised.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1016253/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next