Jump to content
  • 0

Registrar password not-encrypted

01globalnet

Asked by 01globalnet,

 Share

Question

01globalnet Junior Member

01globalnet

Posted
Posted

Hello

 

First of all, nice product - watching it for many many months, but a few mins ago just decided to test it.

 

1) My main concern : I've installed various registrar modules and all passwords are stored in plain text.

 

Server passwords (whm etc.) are encrypted, admins passwords are encrypted, client passwords are encrypted - why not Registrars'?

 

This is a very serious issue once a db is compromised.

 

Is there anything else crucial that is not encrypted?

 

2) Moreover, any concern hosting whmcs in a shared enviroment (not storing cc)? I've seen many resellers install billing systems in their shared reseller accounts... Please share your opinions.

 

Thank you

0
Link to comment
Share on other sites

7 answers to this question

Recommended Posts

  • 0
Adam Senior Member

Adam

Posted
Posted

Hey,

 

If your database is already compromised, then whats stoping someone from running a DELETE * sql query?

 

From my understanding, all passwords are already encrypted in the database. So for which part of the database are you seeing passwords in?

 

From,

Adam

0
Link to comment
Share on other sites
  • 0
bear Senior Member

bear

Posted
Posted
If your database is already compromised, then whats stoping someone from running a DELETE * sql query?
There are worse things than deleting the db. How about logging into your registrar account and doing damage there?
From my understanding, all passwords are already encrypted in the database. So for which part of the database are you seeing passwords in?
Have you looked in yours for the registrar info? ;)
0
Link to comment
Share on other sites
  • 0
01globalnet Junior Member

01globalnet

Posted
  • Author
Posted
If your database is already compromised, then whats stoping someone from running a DELETE * sql query?

 

There are worse things than deleting the db. How about logging into your registrar account and doing damage there?

 

Exactly !

 

From my understanding, all passwords are already encrypted in the database. So for which part of the database are you seeing passwords in?

 

Have you looked in yours for the registrar info? ;)

 

Exactly, again ! Thank you bear!

 

The real problem is here, someone is accessing the domains, unlock and transfer to another registrar.

 

Deleting a database is not so serious ( you keep backups right :) ) - and the other information is not so 'critical' that will destroy your business asap. As soon as you realise you get compromised you change all server passwords.

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to question listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept