Ticket #: | 170 |
Subject: | Account Activation Email shows Password in Clear Text |
Category: | Security |
Severity: | Severity 2 – Significant business impact |
Description: | Account Activation email shows password in clear text. |
Attachment 1: | |
Attachment 2: | |
Attachment 3: | |
Submitted By: | Tom O'Dea (Webmaster) |
User's Email Address: | webmaster@ibmalumni.org.au |
Date Opened: | 16/08/2018 at 15:26 |
Date Last Updated: | 16/08/2018 at 15:44 |
Status: | Closed |
Assigned To: | Tom O'Dea (Webmaster) |
2 thoughts on “Account Activation Email shows Password in Clear Text”
Leave a comment
You must be logged in to post a comment.
The account activation email templates have now been updated to include the following.
Please note:
1. The password shown above is a system-generated password.
2. This is an initial password only.
3. You should login to the web site using this password and then change your password to something meaningful to you.
4. You can login to the web site here: https://ibmalumni.org.au/pm_login/
The password in the account activation email is an initial password and the sensible thing to do is to is to login with that password and then change it it something meaningful to the user.
However, we need to do a better job of explaining this.
The best way forward is to change the account activation email to cover these points:
1. The password shown in the email is a system-generated password.
2. This is an initial password only.
3. You should login to the site using this password and then change your password to something meaningful to you.