Hi,
I am using Auth0 authentication for Users and the passwords are encrypted in database.
Recently the external party has raised an issue mentioning that the configuration is allowing to store password as plain text.
I created a new user with a password and verified the database and yet seeing the User password as encrypted password.
Also I see two entries of passwords in DB stored as plaintext for which the third party did the testing.
Like to know if any one has an idea how it was done as from application its working as expected.
Thanks and Regards,
Ramya S
Hi Ramya,
Can you check in the service center ->admin tab->Security configuration?
Did you checked that?
Hi Murugan,
Please find the screen grab below. Have enforced https in security tab and it was existing before the bug was raised.
Is that user creation flow in application level or user module?
Fyi please check once,
https://success.outsystems.com/support/security/outsystems_platform_server_hardening/