Mautic username and password shows in Hustle widget

  • Resolved eosguy

    (@eosguy)


    7 years, 8 months ago

    Major security issue guys.

    The username and password for Mautic shows up in Hustle widget on my sidebar when I used view source in Google Chrome.

Viewing 4 replies - 1 through 4 (of 4 total)

  • Hi @eosguy,

    Thanks for pointing this out, this is indeed a important issue, I have already pinged our devs to get this sorted ASAP.

    Keep an eye on updates ??

    Cheers,
    Predrag

    Thank you for bringing this to our attention. We have released a security patch to address this issue. Please update test and let us know if you have any trouble.

    Thread Starter eosguy

    (@eosguy)

    Hi @jdailey

    Thanks for responding to this so promptly. I love this plugin a lot!

    A suggestion for future update would be to mask out the password of the integration as well (Hustle admin, while setting up the connection). This is in case someone’s WP site has been compromised and the hacker can see the username and password in the Hustle admin, thus having a way into the other account as well.

    Edit: Not sure if the update broke the CSS formatting for sidebar widget. The design options somehow gives the same results.

    Thank you! I will pass this along to the developers.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Mautic username and password shows in Hustle widget’ is closed to new replies.

Tags