[Koha-bugs] [Bug 33352] New: Password sent by message (accdetails) without decryption
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Mar 28 20:09:58 CEST 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33352
Bug ID: 33352
Summary: Password sent by message (accdetails) without
decryption
Change sponsored?: ---
Product: Koha
Version: 21.11
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5 - low
Component: Tools
Assignee: koha-bugs at lists.koha-community.org
Reporter: pablo.joneslobos at gmail.com
QA Contact: testopia at bugs.koha-community.org
Hello! I'm using version 21.11 of Koha. In our case, we have user
self-registration enabled, and when a user registers, they are automatically
sent a Welcome email through Koha messaging. The message includes their account
name and password, but the problem is that the password is sent without being
encrypted. This did not happen in the previous version. I understand that Koha
uses Blowfish encryption. Do you have any idea how to decrypt the password so
that it can be displayed?
For example, this is the programmed message (accdetails):
Hello, <<borrowers.firstname>> <<borrowers.surname>>.
Your account has been created in the UNPSJB Library System. Your account
details are as follows:
Username: <<borrowers.userid>>
Password: <<borrowers.password>>
The text sent is:
Hello, Ximena Vanina XXXX
Your account has been created in the UNPSJB Library System. Your account
details are as follows:
Username: ximenavanina.XXXX
Password: $2a$08$orfJ.jWu.RYvR/nhn.gs1e42FnSnliuLuXmsRG38hTP3irEC5BJUS
Any ideas?
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list