eSign and plaintext password reveal

system · June 30, 2015, 7:23am

mdsupport wrote on Tuesday, June 30, 2015:

Has anyone noticed that while authenticating an user using e-sign function, firebug will show user’s password in plain text when you examine

POST request to interface/esign/index.php?module=encounter&method=esign_form_submit

amendment
encounterId 164725
password MyPassword
table form_encounter
userId

Or is it that SSL on my servers is broken?

porter · October 15, 2018, 5:02pm

Did this get resolved? I know it is old, but I wanted to ask. It sounds like there’s an SSL issue.

jesdynf · October 15, 2018, 5:12pm

That’s not a security issue. The password is sent to the server – that’s how passwords work. Firebug shows you the password because Firebug shows you requests before they’re encrypted with SSL.