Secure your SuiteCRM password and account data by implementing two-factor authentication with Google Authenticator.
#4223 - Unencrypted passwords
I have been recently been tasked with support of a SuiteCRM database using your 2FA plugin, and I have found that we have plaintext passwords stored in our database under a column ht_auth_password . This clearly constitutes a critical security issue for us. Is this something that will be corrected by an upgrade to the latest version? I want to be able to get the system back online as soon as possible.
Other add-ons of interest
Administration
google
authenticator
2fa
secure
SuiteCRM
authentication security
security
login
login 2-way
2-way-login
Login Authentication
authentication
two factor
auth
barcode
scan
MFA
Multi-Factor Authentication
2 factor authenticator
2-step login verification
verification
Google 2-Step Verification
google sign in
Registration
code
2-step verification
verification codes
get verification codes
QR code
setup
setup account
unique code
sync
time
Scan QR Code
protection
otp
CRM
protect
secure login
prevent
device
mobile
app
device enrollment
device registration
reset device
safe
unauthorized access
enrollment
protection from hacker
token-based authentication
account
user
password
verify
validate
valid
guarded
defendant
authenticity
authenticated
authenticates
authenticating
2 years ago
Hi Niall,
We have uploaded a new version 5.2 which stores encrypted passwords instead of plaintext. Please download the latest package from the store.
Thank you.