The ModifyUser.jsp page is used to display and modify users parameters.
The password is displayed in clear text in the form :
/jsp/admin/user/ModifyUser.jsp?id_user=1
If an administrator account is compromised, the attacker could collect these passwords and reuse them in order to hide his tracks or to access others resources (in case of password re-use).
It would be great to instead store a hashed version (ex: SHA-1) of the password.
Description
The ModifyUser.jsp page is used to display and modify users parameters.
The password is displayed in clear text in the form :
/jsp/admin/user/ModifyUser.jsp?id_user=1
If an administrator account is compromised, the attacker could collect these passwords and reuse them in order to hide his tracks or to access others resources (in case of password re-use).
It would be great to instead store a hashed version (ex: SHA-1) of the password.
Improvement
Open
Minor
Users passwords are stored in clear text in database