Prestashop: Passwords in Welcome emails
Description
The welcoming email sent when a user creates an account contains the username AND password in clear text. This means passwords are stored as clear text in the db, which is a serious security risk !
To Reproduce
Simply create an account
Talw3g
All 6 comments
What? :D Password are not stored in plain text... you can check it in database, table PREFIX_customer,
about an e-mail with registration confirmation... what version of PrestaShop you use?
kpodemski
on 12 Oct 2019
I don't personally use PrestaShop, but I created an account on 2 websites that use it... and both sent me the same welcome email with my credentials in plain text !
I assumed it came from PrestaShop, but I don't know which version.
Talw3g
on 12 Oct 2019
Ok, don't worry, passwords are not stored in plain text, also in newest versions of PrestaShop password is no longer sent after creating an account
kpodemski
on 12 Oct 2019
By newer versions, he said, every versions that are over two or three years old 馃槄
https://github.com/PrestaShop/PrestaShop/pull/5889
PierreRambaud
on 12 Oct 2019
Hi @Talw3g,
There is no password displayed in the PS1.7.6.1.
It is fixed with PS1.7 fixed with this PR: #5889
If you are using the PS1.6, it is fixed with this PR: https://github.com/PrestaShop/PrestaShop/pull/8564
Thanks to check & feedback.
khouloudbelguith
on 14 Oct 2019
Since it's related to an old PrestaShop version, and the reporter is not the owner of the websites, I close this issue.
PierreRambaud
on 14 Oct 2019
Related issues
zuk3975
路
3Comments
rGaillard
路
3Comments
Fabuloops
路
3Comments
centoasa
路
3Comments
marionf
路
3Comments
Most helpful comment
Since it's related to an old PrestaShop version, and the reporter is not the owner of the websites, I close this issue.