• Hi

    I am shocked, to say the least, that the password field you enter your SMTP information in is not encrypted and is a simple text field type.

    If someone hacks my WordPress site and gets into the dashboard, they can easily see what my SMTP login credentials are.

    I work with freelancers and subcontractors so this is not ideal. Other than that I love the plugin.

    Can you provide instructions on what file I need to edit to change the text field from a simple text field to a password text field?

    This is quite alarming that you didn’t think to do this. I don’t want anyone but me knowing my SendGrid SMTP login details.

    https://www.ads-software.com/plugins/wp-mail-smtp/

Viewing 12 replies - 1 through 12 (of 12 total)
  • Holy moly!!! Thanks for the warning, mate!

    I was just checking a friend’s blog …

    Thread Starter guylevi

    (@guylevi)

    How do we fix this? It’s a simple case of changing the HTML field type, but I don’t know what file to amend.

    What is the plugin developer thinking!!!!!!

    Changing it to a password field is not going to stop anyone who is able to hack into your server. Thinking this is any help is misguided.

    However, if you insist, the file to change is:
    wp_mail_smtp.php line 305

    Thread Starter guylevi

    (@guylevi)

    Haha, trex, I didn’t say that!!!

    It stops freelancers and fellow co-workers who are helping on a site build from seeing my password.

    Listen, pal, it’s basics. If you’re going to have a password, you use a password field for it. Don’t be clever for no reason; we both know it’s good coding practice and should be fixed and updated in the next version.

    Can you actually think of a sensible reason why it shouldn’t be a password field?

    Thanks for the help btw

    Thread Starter guylevi

    (@guylevi)

    We all know nothing is foolproof, but the name of the game is making it as difficult as possible, not a “hey folks, you can’t stop the hackers, let’s just stop attempting to prevent it” attitude.

    Reasons for plain text:

    • Easier to verify data accuracy. (Can be helpful when having sending errors)
    • Disposable sending account and you lost/forgot the password. (Bad reason, but one nonetheless)

    Certainly you want to make it harder to crack, I’m just stating that making it a password field doesn’t really do that for any remotely savvy attacker. To make it (slightly) harder you need to either send an encrypted version (or hashed) to the config page, or a default value. Then on save check to see if that value is altered, and only if it is, update the password.

    This clearly won’t protect you from someone who gets access to your database, but it is a good first step. To protect the database, you could encrypt with a seed, but if the attacker was able to find the seed, you’re still out of luck.

    Hi,

    I totally agree!!

    1) The password input should permanently be changed to type="password"

    2) The password should be encrypted so it is not exposed in the database!

    Sincerely,
    Mika

    Even after changing the input to password on line 305, I could still see the password if I inspected the element, in the input’s value attribute. So I ended up removing the PHP output of the password as well, with a note to enter it each time when making changes. Like so:

    <td><input name="smtp_pass" type="password" id="smtp_pass" value="" size="40" class="code" /> Enter Password For Every Change</td>

    Here’s hoping the developer encrypts it in the database and stops displaying it on the page.

    The SMTP protocol requires that your password be sent in plaintext (or base-encoded). If the plugin was to one-way hash the password, it would not be readable to submit to the SMTP server. If the plugin was to encrypt or encode the password, anyone could look through the source code of the plugin to get the decryption method.

    If you are that concerned about password security, use OAuth 2.0 instead.

    I’m more concerned about it being exposed in the admin. Maybe just don’t fill in the password and have the system assume that the password hasn’t changed if the field is blank, and only update the password if a new one is typed in.
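The "blank means unchanged" save logic suggested in the reply above, together with the earlier suggestion to send a placeholder rather than the real value to the settings page and only update the password when the submitted value differs, can be put together in a few functions. The following is an added example written for this thread; it is not code from WP Mail SMTP or its author. It assumes a hypothetical option name (example_smtp) and a hypothetical 32-byte key stored base64-encoded in a wp-config.php constant (EXAMPLE_SMTP_KEY); get_option(), update_option(), sanitize_text_field(), esc_attr(), check_admin_referer(), current_user_can() and wp_die() are core WordPress functions, and openssl_encrypt()/openssl_decrypt() with aes-256-gcm need PHP 7.1 or later.

```php
<?php
/*
 * Added example for this thread (not WP Mail SMTP code). Two ideas:
 *   1. never echo the stored SMTP password back into the settings form; a blank
 *      submission means "keep the password already saved";
 *   2. store the password encrypted with a key that lives in wp-config.php,
 *      so a copy of the database alone does not yield the SendGrid credentials.
 * Hypothetical names: the option 'example_smtp' and the constant EXAMPLE_SMTP_KEY
 * (32 random bytes, base64-encoded, defined in wp-config.php).
 */

const EXAMPLE_SMTP_OPTION = 'example_smtp';

/** Returns the raw 32-byte key from wp-config.php, or null if none is defined. */
function example_smtp_key(): ?string {
    if ( ! defined( 'EXAMPLE_SMTP_KEY' ) ) {
        return null;
    }
    $key = base64_decode( EXAMPLE_SMTP_KEY, true );
    return ( $key !== false && strlen( $key ) === 32 ) ? $key : null;
}

/** AES-256-GCM encrypt; output is base64( nonce . tag . ciphertext ). */
function example_smtp_encrypt( string $plaintext, string $key ): string {
    $nonce = random_bytes( 12 );
    $tag   = '';
    $ct    = openssl_encrypt( $plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, '', 16 );
    if ( $ct === false ) {
        throw new RuntimeException( 'encryption failed' );
    }
    return base64_encode( $nonce . $tag . $ct );
}

/** Inverse of example_smtp_encrypt(); returns null if the blob is malformed or tampered with. */
function example_smtp_decrypt( string $blob, string $key ): ?string {
    $raw = base64_decode( $blob, true );
    if ( $raw === false || strlen( $raw ) < 28 ) {
        return null;
    }
    $nonce = substr( $raw, 0, 12 );
    $tag   = substr( $raw, 12, 16 );
    $ct    = substr( $raw, 28 );
    $pt    = openssl_decrypt( $ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag );
    return $pt === false ? null : $pt;
}

/** Plaintext password for the mailer only; never pass this to the settings page. */
function example_smtp_password(): string {
    $opts = get_option( EXAMPLE_SMTP_OPTION, array() );
    $key  = example_smtp_key();
    if ( $key === null || empty( $opts['pass_enc'] ) ) {
        return '';
    }
    return example_smtp_decrypt( $opts['pass_enc'], $key ) ?? '';
}

/** Renders the field with an empty value attribute, so the secret never reaches the browser. */
function example_smtp_password_field(): string {
    $has_pass = example_smtp_password() !== '';
    return '<input name="smtp_pass" type="password" id="smtp_pass" value="" size="40" '
        . 'autocomplete="new-password" placeholder="'
        . esc_attr( $has_pass ? 'Password stored. Leave blank to keep it.' : 'Not set' )
        . '" />';
}

/** Settings-save handler ($post is $_POST): only a non-empty submission replaces the stored password. */
function example_smtp_save( array $post ): void {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    check_admin_referer( 'example_smtp_save' );

    $opts         = get_option( EXAMPLE_SMTP_OPTION, array() );
    $opts['host'] = sanitize_text_field( $post['smtp_host'] ?? '' );
    $opts['user'] = sanitize_text_field( $post['smtp_user'] ?? '' );

    // Do not run the password through sanitize_text_field(): it would strip characters.
    $new_pass = (string) ( $post['smtp_pass'] ?? '' );
    if ( $new_pass !== '' ) { // blank means "unchanged"
        $key = example_smtp_key();
        if ( $key === null ) {
            wp_die( 'Define EXAMPLE_SMTP_KEY in wp-config.php before saving an SMTP password.' );
        }
        $opts['pass_enc'] = example_smtp_encrypt( $new_pass, $key );
    }
    // autoload=false keeps the blob out of the alloptions cache loaded on every request.
    update_option( EXAMPLE_SMTP_OPTION, $opts, false );
}
```

This removes the password from the rendered page (view-source and Inspect Element show an empty value) and from a plain database dump, which covers the freelancer-with-dashboard-access case raised in the opening post. It does not protect against anyone who can run PHP as the site or read wp-config.php: the mailer still has to decrypt to plaintext to authenticate to SMTP, so a user who can install a plugin or read the filesystem can call the decrypt routine just as the plugin does.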

    Jason Hendriks

    (@jasonhendriks)

    But the password is still saved in the database. And if the plugin can get it, and decrypt it, anyone can get it, and decrypt it.

    You’re trying to get a car to fly when you should be using an airplane.

    Jason Hendriks

    (@jasonhendriks)

  • The topic ‘Shocking security vulnerability’ is closed to new replies.