FTP password is revelead

  • Resolved Jorge

    (@jlsv1986)


    8 years, 10 months ago

    Hi There,

    I would like to know if there is a way to prevent the FTP password to be revealed when you inspect the element “input password” from the Dashboard?

    When the <input type=”password”> is changed to <input type=”text”> The password is revealed from the Dashboard. This can be risky in systems which have saved passwords and if the website is hacked and the hacker do this, he would also have access to the remote place where the backups are.

    Could implement a fixing for this issue?

    For the rest the plugin is great.

    Best,
    Jorge

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor Brandon Olivares

    (@cocreation)

    8 years, 10 months ago

    Hi @jlsv1986, can you confirm you are actually seeing the plaintext password? Because all that should be passed to the form is the encrypted password.

    Thread Starter Jorge

    (@jlsv1986)

    8 years, 10 months ago

    Hi Brandon,

    Yes, I can confirm you that if I change the input type from password to text with the inspector element in the dashboard for the password field in the FTP option, I can see the password in plain text and I would say it is very insecure.

    Note: I am using the last version of WP and BackWPup.

    Best,
    Jorge

    happyAnt

    (@duongcuong96)

    8 years, 9 months ago

    Hi @jlsv1986,
    This problem will be fixed in the next release 🙂

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘FTP password is revelead’ is closed to new replies.