View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0007414 | Taler | libeufin-bank | public | 2022-10-23 15:20 | 2023-11-29 01:30 |
Reporter | Christian Grothoff | Assigned To | Antoine A | ||
Priority | normal | Severity | major | Reproducibility | N/A |
Status | closed | Resolution | fixed | ||
Platform | i7 | OS | Debian GNU/Linux | OS Version | squeeze |
Product Version | 0.9.2 | ||||
Target Version | 0.9.3 | Fixed in Version | 0.9.3 | ||
Summary | 0007414: [security] Demonstration SPA stores password in plaintext in localstorage | ||||
Description | Nora reports: The SPA currently stores the login details on the client in LocalStorage as backend-state.username & backend-state.password in plaintext. We should instead serve authentication tokens which would be stored in place of a password, at a bare minimum. Something like a simple randomized string that would get invalidated after some time should be sufficient, however something similar to RFC7519 should also work. Either way, we should not store the password (in an unhashed form) anywhere, neither on the client, nor the server. | ||||
Tags | No tags attached. | ||||
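
The token scheme proposed in the description, sketched as an added example (not libeufin or SPA code): the password is exchanged once for a random, expiring token, and only the username and token are written under the `backend-state` key. `TokenIssuer`, `MemoryStorage`, `login`, `logout`, the `checkPassword` callback and the 15-minute lifetime are assumptions made for illustration.

```javascript
// Added example, not project code. All names below are hypothetical.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

const TOKEN_TTL_MS = 15 * 60 * 1000; // assumed token lifetime

// Server side: exchanges a verified password for a random, expiring token.
class TokenIssuer {
  constructor(checkPassword) {
    this.checkPassword = checkPassword; // stand-in for the bank's credential check
    this.tokens = new Map();            // token -> { username, expiresAt }
  }
  issue(username, password, now = Date.now()) {
    if (!this.checkPassword(username, password)) return null;
    const bytes = webcrypto.getRandomValues(new Uint8Array(32));
    const token = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
    const expiresAt = now + TOKEN_TTL_MS;
    this.tokens.set(token, { username, expiresAt });
    return { token, expiresAt };
  }
  // Returns the username for a live token, or null; expired tokens are purged.
  validate(token, now = Date.now()) {
    const entry = this.tokens.get(token);
    if (!entry) return null;
    if (now >= entry.expiresAt) { this.tokens.delete(token); return null; }
    return entry.username;
  }
  revoke(token) { return this.tokens.delete(token); }
}

// Minimal stand-in for window.localStorage so the example runs outside a browser.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  setItem(k, v) { this.items.set(k, String(v)); }
  getItem(k) { return this.items.has(k) ? this.items.get(k) : null; }
  removeItem(k) { this.items.delete(k); }
}

// Client side: the password is used for one request and never persisted.
function login(issuer, storage, username, password, now = Date.now()) {
  const grant = issuer.issue(username, password, now);
  if (!grant) return false;
  storage.setItem("backend-state", JSON.stringify({ username, ...grant }));
  return true;
}

// Logout revokes the token server-side before clearing the client state.
function logout(issuer, storage) {
  const saved = JSON.parse(storage.getItem("backend-state") ?? "null");
  if (saved) issuer.revoke(saved.token);
  storage.removeItem("backend-state");
}
```
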
Date Modified | Username | Field | Change |
---|---|---|---|
2022-10-23 15:20 | Christian Grothoff | New Issue | |
2022-10-23 15:20 | Christian Grothoff | Status | new => assigned |
2022-10-23 15:20 | Christian Grothoff | Assigned To | => MS |
2023-01-08 11:31 | Christian Grothoff | Target Version | => 0.9.4 |
2023-04-13 20:26 | Florian Dold | Category | sandbox => libeufin sandbox |
2023-04-13 20:26 | Florian Dold | Project | libeufin => Taler |
2023-04-13 20:26 | Florian Dold | Category | libeufin sandbox => General |
2023-04-13 21:41 | Florian Dold | Category | General => libeufin-sandbox |
2023-09-03 18:16 | Christian Grothoff | Assigned To | MS => Antoine A |
2023-09-23 15:26 | Christian Grothoff | Category | libeufin-sandbox => libeufin-bank |
2023-11-22 15:48 | sebasjm | Status | assigned => resolved |
2023-11-22 15:48 | sebasjm | Resolution | open => fixed |
2023-11-29 01:28 | Christian Grothoff | Target Version | 0.9.4 => 0.9.3 |
2023-11-29 01:29 | Christian Grothoff | Fixed in Version | => 0.9.3 |
2023-11-29 01:30 | Christian Grothoff | Status | resolved => closed |