Thursday, January 15, 2015

Storing random initial (one-time) passwords in plain text



I manage a vendor app that issues passwords to end users. From what I can see, final user passwords are stored properly. My concern is the initial generation and communication step. The app has many options for communicating the initial account credentials to end users, as the first point of contact often isn't over the web, and to facilitate this feature it stores the initial password in a plain-text column that can be used for generating letters, welcome packets, email, shown on screen for communicating over the phone, etc.


There is a mitigating factor here. The end user must change this password before they can complete their first login. The changed password is not written back to the database in plain text, and is not stored in a recoverable format. The original password is only good for at most a few weeks before it is changed. Additionally, the end user can't do anything with a new account that couldn't be rolled back if needed. It may be possible to leak some personal information, but I believe a new account won't display any data yet that isn't considered directory information.


However, it still nags at me that this plain-text password exists at all, and hangs around even after it's replaced. Given the mitigating factors, is this still a big deal?
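As an added illustration (not from the original question or the vendor app it describes) of the design the asker is implicitly contrasting with, here is a minimal account model in which the one-time initial password is returned to the delivery channel exactly once at issuance time and only a salted PBKDF2 hash of it is persisted, together with an expiry and a must-change flag; the first successful password change discards the initial credential entirely. The `Account` class, the two-week TTL and the 12-character alphabet are assumptions chosen for the example; the hashing parameters are illustrative, not a recommendation for a specific deployment.

```python
import hashlib
import hmac
import os
import secrets
import string
import time
from dataclasses import dataclass, field
from typing import Optional

# Assumed policy values for this example (not from the question).
ALPHABET = string.ascii_letters + string.digits
INITIAL_PASSWORD_LENGTH = 12
INITIAL_PASSWORD_TTL = 14 * 24 * 3600  # seconds; "at most a few weeks"
PBKDF2_ITERATIONS = 200_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so the stored value is not recoverable as plain text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


@dataclass
class Account:
    """Hypothetical persisted record: note there is no plain-text column."""
    username: str
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    password_hash: Optional[bytes] = None
    initial_expires_at: Optional[float] = None  # set only while the one-time password is live
    must_change: bool = False


def issue_initial_password(account: Account, now: Optional[float] = None) -> str:
    """Generate a one-time password, persist only its hash, and hand the plain text
    back once for delivery (letter, email, phone). Nothing in the record can be
    turned back into the password afterwards."""
    now = time.time() if now is None else now
    otp = "".join(secrets.choice(ALPHABET) for _ in range(INITIAL_PASSWORD_LENGTH))
    account.salt = os.urandom(16)
    account.password_hash = hash_password(otp, account.salt)
    account.initial_expires_at = now + INITIAL_PASSWORD_TTL
    account.must_change = True
    return otp


def verify_password(account: Account, candidate: str, now: Optional[float] = None) -> bool:
    """Constant-time check; an unexpired one-time password also enforces its TTL."""
    now = time.time() if now is None else now
    if account.password_hash is None:
        return False
    if account.initial_expires_at is not None and now > account.initial_expires_at:
        return False  # initial credential has lapsed; an administrator must reissue it
    return hmac.compare_digest(hash_password(candidate, account.salt), account.password_hash)


def change_password(account: Account, current: str, new: str, now: Optional[float] = None) -> bool:
    """First login must call this; on success the initial credential is gone for good."""
    if not verify_password(account, current, now):
        return False
    account.salt = os.urandom(16)
    account.password_hash = hash_password(new, account.salt)
    account.initial_expires_at = None
    account.must_change = False
    return True


if __name__ == "__main__":
    acct = Account("alice")
    otp = issue_initial_password(acct)          # send this through the chosen channel
    print("delivered once:", otp)
    print("first login ok:", verify_password(acct, otp), "must change:", acct.must_change)
    print("changed:", change_password(acct, otp, "Correct-Horse-9"))
    print("old otp still works:", verify_password(acct, otp))
```

The point the record makes concrete: every delivery option the question lists can be served at issuance time from the return value, so the database never needs a recoverable copy, and the expiry plus the must-change flag encode the mitigations the asker describes rather than leaving them as convention.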




