XML output security risk
|Reported by:||abandonedbywolves||Owned by:|
|Component version:||Operating system type:||Windows|
|Operating system version:|
This ones easy to describe. I noticed today on outputting my FTP accounts that you store the password information in the XML file. Great idea, very convenient, but due to the fact that it's not encoded, it's a very easy step for people to take to grab your passwords, especially considering that in the program, the pass input field is all dots to protect the user.
- Save XML document
- Open document, notice in the <pass> tag, your password is there for the world to see... or at least users of your computer.