| Category: | Bug report |
Priority: | Normal |
Status: | New |
| Project: | Severity: | Major |
Resolution: | Open |
|
| Component: | Reproducibility: | Always |
Assigned to: |
I'm using JasperServer 4.1 with the web service client WSClient from the samples source code.
After instantiating JSServer with the web services url and a user id and password e.g. jasperadmin/jasperadmin I've noticed that no authentication error is thrown if the password is incorrect, worse still the incorrect password is actually set on the jasperadmin user id.
Additionally the password is passed straight through and stored in the jiusers table as plain text.
1 Comment:
I've noticed this issue occurs only when a hash algorithm e.g. MD5 is used for password encoding, if I revert back to the original DESede cipher this problem doesn't occur.