  1. Artifactory Binary Repository
  2. RTFACT-24189

Encrypt the password when logging in to Artifactory through the UI


    Details

    • Type: Improvement
    • Status: Open
    • Priority: 3 - High
    • Resolution: Unresolved
    • Affects Version/s: 6.24.0, 7.10.7
    • Fix Version/s: None
    • Component/s: Artifactory, UI, Web UI
    • Labels:

      Description

      We did a permeability test on Artifactory as a security test.
      Artifactory does not encrypt the password when we log in to Artifactory through the UI.
      It should be encrypted by base64 or another method.

      I know we can use HTTPS to protect the data flow between client and server.

      But we can see the password when we use the browser to capture packets and check the packets.

      As far as I know, most tools such as SonarQube and Nexus Repository will encrypt the username and password at the login form.

      The steps to reproduce

      1. Set up Artifactory v6 or v7.
      2. Log in to Artifactory through the UI.
      3. Use your browser to capture packets and check the packets.
        Request URL: http://ip:8082/ui/api/v1/ui/auth/login?_spring_security_remember_me=false
        Request body: {"user":"admin","password":"xxxxxx","type":"login"}
      4. The password was not encrypted.
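
An added example, not part of the original report and not JFrog code: a check over a browser HAR export that finds the login request from step 3 and records whether it was sent over TLS and whether the password field is readable from the body, directly or after base64 decoding. The HAR fragment, the `repo.example.test` host and the function names are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlsplit

LOGIN_PATH = "/ui/api/v1/ui/auth/login"  # endpoint from step 3 of the report

# Constructed HAR fragment: the request from step 3, a hypothetical HTTPS
# variant with a base64-wrapped password, and an unrelated request.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"method": "POST",
                 "url": "http://ip:8082/ui/api/v1/ui/auth/login?_spring_security_remember_me=false",
                 "postData": {"text": '{"user":"admin","password":"xxxxxx","type":"login"}'}}},
    {"request": {"method": "POST",
                 "url": "https://repo.example.test/ui/api/v1/ui/auth/login",
                 "postData": {"text": '{"user":"admin","password":"eHh4eHh4","type":"login"}'}}},
    {"request": {"method": "GET", "url": "http://ip:8082/ui/"}},
]}}

def try_base64(value):
    """Return decoded text if value is strict base64 of printable UTF-8, else None.
    Heuristic: a plain password can happen to be valid base64 as well."""
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text and text.isprintable() else None

def audit_login_requests(har):
    """Return one finding per login POST; findings never contain the password."""
    findings = []
    for entry in har["log"]["entries"]:
        req = entry["request"]
        url = urlsplit(req["url"])
        if req["method"] != "POST" or url.path != LOGIN_PATH:
            continue
        body = json.loads(req.get("postData", {}).get("text") or "{}")
        password = body.get("password", "")
        findings.append({
            "host": url.netloc,
            "tls": url.scheme == "https",  # on-the-wire protection
            "password_field": "base64" if try_base64(password) else "plain",
            # base64 is an encoding with no key, so both forms are readable
            # by anyone who holds the request body.
            "readable_from_body": bool(password),
        })
    return findings

if __name__ == "__main__":
    for finding in audit_login_requests(SAMPLE_HAR):
        print(finding)
```

The `tls` field is the one that reflects exposure on the network; browser developer tools show the request body before TLS is applied, so the body appears there on HTTPS connections too.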

            People

            Assignee:
            Unassigned
            Reporter:
            yongqiang Yong Qiang Liu