security concern with password in cookie/session

Posted: Fri Jul 12, 2024 10:25 am
by ccd
I have noticed that if I change the password for globeadmin in the config file and then re-attempt to log in, nuBuilder will not recognize the updated password in the config file; instead, it appears to be using the previously used password that is either in the Session or a cookie. If I close the browser completely and re-open the login page, then it reads the config again. This is a security problem as cookies are frequently compromised by malware.

This problem doesn't seem to happen with normal non-globeadmin users. Nevertheless, a password shouldn't ever need to be stored in cookies or sessions.