Feature #25204
Updated by Mathias Schreiber over 9 years ago
While rsaauth encrypts the passwords entered in the login form, no encryption is applied to the password change form in the BE. This is a major design flaw and means that the site is actually less secure than it looks. rsaauth should encrypt all password fields in the BE password change requests as well. (issue imported from #M17802)