Password is not encrypted issue

abpframework / abp

Open-source web application framework for ASP.NET Core! Offers an opinionated architecture to build enterprise software solutions with best practices on top of the .NET. Provides the fundamental infrastructure, cross-cutting-concern implementations, startup templates, application modules, UI themes, tooling and documentation.

GNU Lesser General Public License v3.0

12.78k stars 3.41k forks source link

Your ABP Framework 7.3.1.
Your Angular
Your database provider(EF Core)
Issue:
At the time of audit it was observed that username and password are in text format. Cleartext Storage of Sensitive Information vulnerability refers to a security issue where sensitive or confidential data is stored in plain text (i.e., unencrypted) form on a system or network. This means that the data is not protected from unauthorized access, and anyone with access to the system or network can read the information without any encryption or decryption processes.
Steps needed to reproduce the problem.
Run the application.
then Login. @maliming

abpframework / abp

Password is not encrypted issue #18942