|
This is an worrying security update that affects the Joomla world.
Up until now iDevAffiliate - the system used by almost every Joomla affiliate program - has stored passwords and Social Security numbers UNENCRYPTED in the database.
That means if you join an iDevAffiliate program the owner can go along and view your password whether its 12345 , password or something more personal. From there they can go back to your site, see other iDev programs that you're using and try to login to those, pretending to be you. If you're dumb enough to use the same login for your email also ...
This is an worrying security update that affects the Joomla world.
Up until now iDevAffiliate - the system used by almost every Joomla affiliate program - has stored passwords and Social Security numbers UNENCRYPTED in the database.
That means if you join an iDevAffiliate program the owner can go along and view your password whether its 12345 , password or something more personal. From there they can go back to your site, see other iDev programs that you're using and try to login to those, pretending to be you. If you're dumb enough to use the same login for your email also ... Read original post at source site... http://feeds.feedburner.com/~r/Alledia/~3/375629705/index.php. |
Blog CategoriesSubscribeSign up to our email newsletter to stay in touch - we send it out monthly and never spam. Friends and collaboratorsRSS: blogs |
blogs about joomla Serious IDevAffiliate Security Hole
This site uses Seedling's distribution of Joomla.
Joomla! is Free Software released under the GNU/GPL License.
© 2009 Design Guru. Some rights reserved under license.