[Vtigercrm-developers] Reminder: Please be a contributor than a whistleblower - on security issues.
socialboostdk
socialboostdk at gmail.com
Fri Apr 20 11:41:25 GMT 2018
+1
Also avoid using users email to hash passwords. Its crap + means that you
cannot change email without also changing password...
On 20 April 2018 at 13:31, Conrado Maggi <comaggi at gmail.com> wrote:
> Basically, Not doing this: https://unsecure.blog/en/114-vtigercrm-storing-
> passwords-in-md5.html
>
> Conrado
>
> On Fri, Apr 20, 2018 at 12:22 PM, Prasad <prasad at vtiger.com> wrote:
>
>> Thank you for the references. We are in touch with few wise security
>> advisories as well.
>>
>> The intent behind the post was to raise the awareness of quality of
>> information that need to be exchanged
>> when understanding the security issue.
>>
>> Regards,
>> Prasad
>>
>>
>> --
>> FB <http://www.facebook.com/vtiger> I Twit <http://twitter.com/vtigercrm>
>> I LIn <https://www.linkedin.com/company/1270573?trk=tyah> I Blog
>> <https://blogs.vtiger.com> I Website <https://www.vtiger.com/>
>>
>> On Fri, Apr 20, 2018 at 3:20 PM, IT-Solutions4You <info at its4you.sk>
>> wrote:
>>
>>> I found this interesting project
>>> https://hacktrophy.com/en/price-ethical-hacking/
>>>
>>> I think to contact them for scanning vtiger. Maybe you(vtiger) can
>>> cooperate, basically it's your software ;-)
>>>
>>> Matus
>>>
>>> Dňa 20. 4. 2018 o 10:54 Prasad napísal(a):
>>>
>>>> Dear members,
>>>>
>>>> Security and Data-Privacy is our top priority.
>>>>
>>>> Without providing much details citing security concern on public
>>>> channels is more like whistleblowing, which does no good but creates
>>>> suspicion in those who aren't full aware of the details.
>>>>
>>>> If you are aware of a security risk or suspect a possible hole that
>>>> can give attacker ability to gain customer data, please feel to reach
>>>> to us
>>>> with complete details or file the issue on our tracker to keep our
>>>> community informed.
>>>>
>>>> Regards,
>>>> Prasad
>>>>
>>>>
>>>> _______________________________________________
>>>> http://www.vtiger.com/
>>>>
>>>>
>>>
>>> _______________________________________________
>>> http://www.vtiger.com/
>>
>>
>>
>> _______________________________________________
>> http://www.vtiger.com/
>>
>
>
> _______________________________________________
> http://www.vtiger.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20180420/5b03ae8b/attachment-0001.html>
More information about the vtigercrm-developers
mailing list