Account Activation Email shows Password in Clear Text


Ticket #: 170
Subject: Account Activation Email shows Password in Clear Text
Category: Security
Severity: Severity 2 – Significant business impact
Description:

Account Activation email shows password in clear text.

Submitted By: Tom O'Dea (Webmaster)
User's Email Address: webmaster@ibmalumni.org.au
Date Opened: 16/08/2018 at 15:26
Date Last Updated: 16/08/2018 at 15:44
Status: Closed
Assigned To: Tom O'Dea (Webmaster)

2 thoughts on “Account Activation Email shows Password in Clear Text”

  1. The password in the account activation email is an initial password and the sensible thing to do is to log in with that password and then change it to something meaningful to the user.

    However, we need to do a better job of explaining this.

    The best way forward is to change the account activation email to cover these points:
    1. The password shown in the email is a system-generated password.
    2. This is an initial password only.
    3. You should log in to the site using this password and then change your password to something meaningful to you.
