Defect #17830
User creation: clear/plaintext password sent via unencrypted email
Status: New
Priority: Normal
Assignee:
Category: Security
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Resolution:
Affected version:
Description
henk | I just received an unencrypted mail from redmine containing my password in plaintext. Is that fixed in more recent versions? Is there a way to fix it in 1.4.4?
henk | https://twitter.com/RamsayDev/status/460048737994551296 hehe, yeah, kinda my thoughts …
salvor | henk: no.
salvor | henk: that's only on user creation, and it's up to the administrator to send this password or not
salvor | after that everything happens through tokens
henk | salvor: hm, ok, that’s not too bad then, but I still wonder why that’s not done through tokens as well?!
salvor | I guess we could do that even on user creation (= send a unique link to reset the password); or force password change on first connection (which is the same security wise I think)
salvor | do you see a legitimate case where an administrator would want to set a password manually for a user?
henk | salvor: No, not really. IMHO it’s nice to have that feature and I wouldn’t want it to go away, but it’s not a good default way to handle things.
salvor | I totally agree
Another idea:
allow specifying a PGP key and send the mail encrypted
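The token-based user creation that salvor suggests above (mail a unique one-time link instead of the password), shown as an added Ruby illustration that is not Redmine's own code: the `PasswordSetupTokens` in-memory store, the `setup_link_mail` and `plaintext_password_mail` bodies, the 24-hour lifetime and the `redmine.example.invalid` base URL are all assumptions made for this example.

```ruby
require 'securerandom'
require 'digest'

# Lifetime of a setup link; an assumed value, not a Redmine setting.
SETUP_TOKEN_TTL = 24 * 60 * 60

# In-memory stand-in for a tokens table (constructed for this example).
# Only the SHA-256 digest of each token is kept, so reading the table
# (or a backup of it) does not yield a usable link.
class PasswordSetupTokens
  def initialize(now: -> { Time.now })
    @now = now
    @store = {} # login => { digest:, expires_at: }
  end

  # Issue a fresh single-use token for a newly created account and
  # return the raw token; it goes into the mail and nowhere else.
  def issue(login)
    raw = SecureRandom.urlsafe_base64(32)
    @store[login] = { digest: Digest::SHA256.hexdigest(raw),
                      expires_at: @now.call + SETUP_TOKEN_TTL }
    raw
  end

  # Check a presented token: it must exist, be unexpired and match the
  # stored digest in constant time; a successful redeem consumes it.
  def redeem(login, raw)
    rec = @store[login]
    return false unless rec && raw
    return false if @now.call > rec[:expires_at]
    return false unless secure_compare(Digest::SHA256.hexdigest(raw), rec[:digest])
    @store.delete(login)
    true
  end

  private

  # Byte-wise comparison whose run time does not depend on where the
  # first differing byte sits.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# The "before" that #17830 describes: the mail carries the password itself.
def plaintext_password_mail(login, password)
  "Your account #{login} has been created.\nPassword: #{password}\n"
end

# The token-based alternative: the mail carries a one-time link only.
# base_url is an assumed placeholder.
def setup_link_mail(login, raw_token, base_url: 'https://redmine.example.invalid')
  "Your account #{login} has been created.\n" \
  "Choose your password here (link valid once, for 24 hours):\n" \
  "#{base_url}/account/setup?token=#{raw_token}\n"
end

# The check an auditor would run on outgoing mail: does the body
# reveal a credential that is valid on its own?
def mail_contains_secret?(body, secret)
  body.include?(secret)
end

# Walk through account creation both ways and report what each mail exposes
# and how the token behaves on first and second use.
def demo
  tokens = PasswordSetupTokens.new
  password = SecureRandom.alphanumeric(12)   # what the administrator would have typed
  old_mail = plaintext_password_mail('henk', password)
  raw = tokens.issue('henk')
  new_mail = setup_link_mail('henk', raw)
  {
    old_mail_leaks_password: mail_contains_secret?(old_mail, password),
    new_mail_leaks_password: mail_contains_secret?(new_mail, password),
    first_redeem: tokens.redeem('henk', raw),
    second_redeem: tokens.redeem('henk', raw)   # consumed: the link is single-use
  }
end

puts demo if $PROGRAM_NAME == __FILE__
```

The link still travels in an unencrypted mail, which is why salvor calls the two approaches equivalent "security wise" and why the PGP idea above is a separate improvement; what the token buys is that the secret in transit is single-use, expires, is never stored in recoverable form, and is not a password the user might reuse elsewhere.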