friendica / red

The Red Matrix
MIT License

All passwords of other networks exposed in pconfig table #941

Closed ghost closed 9 years ago

ghost commented 9 years ago

This is a big security issue. When an admin searches for 'password' in the pconfig table it gives all passwords of hub members from third-party social networks. These are there because of crosspost plugins. I see passwords from Diaspora, WordPress, other RedMatrix accounts and Friendica. I know this is plugin related, but because all plugins are involved and because I believe this should be resolved on a higher level, I post this issue here.

ghost commented 9 years ago

Thank you, Mike, for fixing this quickly. Does this also obscure the existing passwords?

I disabled the addons on my hub, removed the plain text passwords from the pconfig table and advised my hub members to change the relevant passwords. I advise other hub admins to do at least the latter one also.

I will enable these plugins again after I have time to test it.

ghost commented 9 years ago

Tested and all passwords are now encrypted. Thanks again for the quick fix, Mike.

ghost commented 9 years ago

This issue was moved to redmatrix/redmatrix#2
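
The thread asks whether rows stored before the fix are also protected. The following is an added example, not Red Matrix's actual fix and not code from this issue: an idempotent sweep that encrypts password-like settings still held in plain text. It assumes a `pconfig(uid, cat, k, v)` layout, a hypothetical `enc:` marker for migrated values, libsodium's secretbox as the cipher, and constructed sample rows.

```php
<?php
// Added example: constructed table and rows; not Red Matrix code.
// Assumed layout: pconfig(uid, cat, k, v); "enc:" is a hypothetical marker.
const PREFIX = 'enc:';
const NONCE = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;

function seal(string $plain, string $key): string {
    $nonce = random_bytes(NONCE);
    return PREFIX . base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
}

// Returns the plaintext, or null if the value is not a valid sealed value.
function unseal(string $stored, string $key): ?string {
    if (strncmp($stored, PREFIX, strlen(PREFIX)) !== 0) return null; // legacy plaintext
    $raw = base64_decode(substr($stored, strlen(PREFIX)), true);
    if ($raw === false || strlen($raw) < NONCE + SODIUM_CRYPTO_SECRETBOX_MACBYTES) return null;
    $plain = sodium_crypto_secretbox_open(substr($raw, NONCE), substr($raw, 0, NONCE), $key);
    return $plain === false ? null : $plain;
}

// Encrypt every password-like row that does not already decrypt; returns rows changed.
function migrate(PDO $db, string $key): int {
    $rows = $db->query("SELECT uid, cat, k, v FROM pconfig WHERE k LIKE '%password%'")
               ->fetchAll(PDO::FETCH_ASSOC);
    $upd = $db->prepare('UPDATE pconfig SET v = ? WHERE uid = ? AND cat = ? AND k = ?');
    $changed = 0;
    foreach ($rows as $r) {
        if (unseal($r['v'], $key) !== null) continue; // already encrypted, skip
        $upd->execute([seal($r['v'], $key), $r['uid'], $r['cat'], $r['k']]);
        $changed++;
    }
    return $changed;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pconfig (uid INTEGER, cat TEXT, k TEXT, v TEXT)');
$db->exec("INSERT INTO pconfig VALUES
    (1, 'example_crosspost', 'example_password', 'constructed-secret'),
    (2, 'example_crosspost', 'post_by_default', '1')");
$key = sodium_crypto_secretbox_keygen(); // in practice: loaded from outside the database

echo migrate($db, $key), " row(s) encrypted on first run\n";
echo migrate($db, $key), " row(s) encrypted on second run\n";
$left = $db->query("SELECT COUNT(*) FROM pconfig
    WHERE k LIKE '%password%' AND v NOT LIKE 'enc:%'")->fetchColumn();
echo "plaintext password rows remaining: $left\n";
```

Encrypting rows in place does not undo earlier exposure, so the advice in the thread to have members change the affected passwords still applies.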