• If you try to add an account with the following password:

    '><script type="text/javascript">alert('alarma')</script>

    the result will be weird, although you won’t get the js alert.

    Furthermore, you are getting stuff from GET and POST without escaping anything, which doesn’t look like a good idea. wpdb->prepare() protects you solely from SQL injections.

    Just a side note – passwords flying around in plain text is not a cool thing for people who might not be on a corporate highly secured network. Please have a look at https://wordpress.org/plugins/semisecure-login-reimagined/ (when installed you can see a page in the settings dedicated to how to use it in other plugins). Consider this as a feature request, but I do believe that this would be great for making the plugin safer for cases of “man-in-the-middle” attacks.

    Thanks for the nice plugin, I really wish it could reach some better security level 🙂

    https://wordpress.org/plugins/password-vault/
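The point of the report above is that `$wpdb->prepare()` stops SQL injection but does nothing about what is later echoed into HTML. As an added PHP example (not the plugin's own code), the same field is stored and rendered two ways; the table name, column names, form field names and nonce action are hypothetical.

```php
<?php
// Added example, not the Password Vault plugin's code.
// Assumes a hypothetical table {$wpdb->prefix}pv_accounts (user_id, label, secret)
// and a hypothetical POST form with fields 'label', 'secret' and 'pv_nonce'.

function pv_store_account_vulnerable() {
    global $wpdb;
    $label  = $_POST['label'];   // raw request input, nothing sanitized
    $secret = $_POST['secret'];
    // prepare() makes this safe against SQL injection only:
    // the '><script>...</script> string is stored exactly as submitted.
    $wpdb->query( $wpdb->prepare(
        "INSERT INTO {$wpdb->prefix}pv_accounts (user_id, label, secret) VALUES (%d, %s, %s)",
        get_current_user_id(), $label, $secret
    ) );
}

function pv_render_account_vulnerable( $row ) {
    // The stored value is written straight into an attribute, so a quote in it
    // closes the attribute and any following markup is rendered as HTML.
    echo '<input type="text" value="' . $row->secret . '">';
}

function pv_store_account_hardened() {
    global $wpdb;
    // Tie the write to a form the current user actually submitted.
    if ( ! isset( $_POST['pv_nonce'] ) || ! wp_verify_nonce( $_POST['pv_nonce'], 'pv_store_account' ) ) {
        wp_die( 'Invalid request' );
    }
    $label = sanitize_text_field( wp_unslash( $_POST['label'] ) );
    // A password must keep its exact characters (including < > ' "), so it is not
    // tag-stripped on input; safety comes from escaping at output time instead.
    $secret = wp_unslash( $_POST['secret'] );
    $wpdb->insert(
        $wpdb->prefix . 'pv_accounts',
        array( 'user_id' => get_current_user_id(), 'label' => $label, 'secret' => $secret ),
        array( '%d', '%s', '%s' )
    );
}

function pv_render_account_hardened( $row ) {
    // esc_attr() / esc_html() encode & < > " ' as entities, so the stored string
    // is displayed literally and can no longer break out of the attribute or tag.
    echo '<input type="text" value="' . esc_attr( $row->secret ) . '">';
    echo '<span>' . esc_html( $row->label ) . '</span>';
}
```

The rule this illustrates: escape for the context you output into (`esc_attr` inside attributes, `esc_html` in element content), regardless of what was done to the value on the way into the database.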

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author mrdenny

    (@mrdenny)

    vloo,
    Thanks for bringing this up to me. I’ve reviewed the code and the only place that I’m seeing calls to wpdb->query instead of wpdb->prepare is in places where I know that the values are clean for example because I get the parameter from get_current_user_id().

    I’ve got a working fix for the javascript problem which I’ll release in the next few days. I’ve applied this fix to all the text fields to ensure that the username, or custom fields don’t have this problem as well.

    I reviewed the JS solution from the plugin you mentioned. I haven’t ruled it out or implemented it yet. I would say that for internal networks you should be using SSL along with the Requires SSL setting for this plugin which makes it so that the plugin doesn’t work at all if the user is connecting via HTTP. I’ll continue to look at the semisecure-login-reimagined plugin as time permits.

    Thread Starter Vladimir Vassilev

    (@vloo)

    Thank you for the reaction and for fixing those issues!

    By the way I found it a bit difficult to check changes in the new version of the plugin, as you are not maintaining the source of older versions in the svn repo. I know it’s not mandatory, but some people find it pretty convenient to have access to the code of older versions.

    Once again thanks for the great plugin!

    Plugin Author mrdenny

    (@mrdenny)

    vloo,
    I honestly didn’t know that people did that. I’ll look into doing that moving forward (can’t do anything about the older builds as far as I know).

    Denny

  • The topic ‘Password is not sanitized on display ( other security considerations)’ is closed to new replies.