
Ejabberd stores passwords in unencrypted form

Hi, dear Habr users!
Recently I have noticed a lot of posts in the "Information Security" section about storing and generating passwords.
Not so long ago I installed the latest version of Ejabberd, a free, distributed and fault-tolerant XMPP server. The server itself is quite functional, flexible and easy to configure. However, I was struck by the fact that the server administrator can request the password of any user in the clear (!).
Personally, it seems to me that this is not quite normal: it should only be possible to reset the password (OpenFire allows exactly that), and in no case should displaying the password in the clear be implemented. It should be noted that Ejabberd is used on a great many free public services, including Yandex's Ya.Online service, which runs on a modified version called “Yabberd” (and the password for a ya.ru account is also the password for mail and other Yandex services), Jabber.ru (the largest server in Russia) and many others.
XMPP (Jabber) should be the safest instant messaging protocol and, of course, the developers of such a functional and common server should pay attention to this fact.
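
The reset-only behaviour argued for above becomes possible when the server keeps a salted verifier instead of the password. The following Python code is an added example, not part of the original post and not ejabberd's code: it follows the SCRAM-SHA-1 derivation from RFC 5802, the function names are hypothetical, the sample salt and messages are the RFC's own example exchange, and SASLprep normalisation is omitted.

```python
import base64
import hashlib
import hmac
import os

# Sample values: the example exchange in RFC 5802 section 5 (password "pencil").
SALT = base64.b64decode("QSXCR+Q6sek8bf92")
AUTH_MESSAGE = (b"n=user,r=fyko+d2lbbFgONRv9qkxdawL,"
                b"r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096,"
                b"c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j")

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha1).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_record(password, salt=None, iterations=4096):
    """Hypothetical helper: what the server stores instead of the password."""
    salt = salt or os.urandom(16)
    # Assumes an ASCII password; SASLprep normalisation is omitted.
    salted = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations,
            "stored_key": hashlib.sha1(mac(salted, b"Client Key")).digest(),
            "server_key": mac(salted, b"Server Key")}

def client_proof(password, salt, iterations, auth_message):
    """Client side, the only place the password itself is used."""
    salted = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    client_key = mac(salted, b"Client Key")
    stored_key = hashlib.sha1(client_key).digest()
    return xor(client_key, mac(stored_key, auth_message))

def server_verify(record, auth_message, proof):
    """Server side: recover ClientKey from the proof and compare its hash."""
    client_key = xor(proof, mac(record["stored_key"], auth_message))
    return hmac.compare_digest(hashlib.sha1(client_key).digest(),
                               record["stored_key"])

def server_signature(record, auth_message):
    """Lets the client check that the server really holds the record."""
    return mac(record["server_key"], auth_message)

if __name__ == "__main__":
    record = make_record("pencil", SALT)
    proof = client_proof("pencil", SALT, 4096, AUTH_MESSAGE)
    print("login ok:", server_verify(record, AUTH_MESSAGE, proof))
    # An admin sees only this record; a reset overwrites it via make_record().
    print({k: v.hex() if isinstance(v, bytes) else v for k, v in record.items()})
```

The stored record is still sensitive: it allows offline guessing of weak passwords, so it needs the same access control as any credential database.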


Source: https://habr.com/ru/post/80509/

