To post a new support question, click the Post New Topic button below.
Current Version: 4.9.2 | Sytist Manual | Common Issues | Feature Requests
Please log in or Create an account to post or reply to topics.
You will still receive notifications of replies to topics you are part of even if you do not subscribe to new topic emails.
Admin Login Passwords Attempted Are Visible To Any User
Michael Leenheer
494 posts
Wed May 19, 21 2:57 PM CST
Something a bit concerning that I just came across:
/sy-admin/index.php?do=admins&view=logins&failed=1#page=thumbs
If you go to the ADMINS > Log in Log > Failed Logins, you can see all the failed passwords the other admins used when trying to login. Unfortunately those are all legit 'real' passwords for the admin -- they are perhaps just trying to sign in with an email instead of their username or something of that nature, but having those all visible is a concern.
My own 'failed' passwords were real ones used elsewhere and they've now been seen by a few employees. I trust them but I also don't want this. Can you add security to hide those? Passwords shouldn't be visible (or even stored) as plain text for others to view...
Please.
/sy-admin/index.php?do=admins&view=logins&failed=1#page=thumbs
If you go to the ADMINS > Log in Log > Failed Logins, you can see all the failed passwords the other admins used when trying to login. Unfortunately those are all legit 'real' passwords for the admin -- they are perhaps just trying to sign in with an email instead of their username or something of that nature, but having those all visible is a concern.
My own 'failed' passwords were real ones used elsewhere and they've now been seen by a few employees. I trust them but I also don't want this. Can you add security to hide those? Passwords shouldn't be visible (or even stored) as plain text for others to view...
Please.
Michael Leenheer || My Sytist: https://subphoto.ca/client_galleries/demo01/
Tim - PicturesPro.com
16,242 posts
(admin)
Thu May 20, 21 3:58 AM CST
Ok. I will note it.
Tim Grissett, DIA - PicturesPro.com
My Email Address: info@picturespro.com
My Email Address: info@picturespro.com
Please log in or Create an account to post or reply to topics.
Loading more pages