You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The file 'changeAESKey.php' can be called via direct link and can brick a working Installation of this plugin.
Executing it will decrypt all stored passwords in the Database with a false AES key and re-encrypt those passwords with the same false key and store them in a Database.
At no point it actually leaks any stored information, it just forces users to reenter their stored passwords.
Solution: Remove the file 'changeAESKey.php' and release a new build with an empty 'changeAESKey.php' file to make sure it gets overwritten.
The text was updated successfully, but these errors were encountered:
The file 'changeAESKey.php' can be called via direct link and can brick a working Installation of this plugin.
Executing it will decrypt all stored passwords in the Database with a false AES key and re-encrypt those passwords with the same false key and store them in a Database.
At no point it actually leaks any stored information, it just forces users to reenter their stored passwords.
Solution: Remove the file 'changeAESKey.php' and release a new build with an empty 'changeAESKey.php' file to make sure it gets overwritten.
The text was updated successfully, but these errors were encountered: