
displaying customer passwords in emails


hadlowj


I work around this problem by adding ***** to the email template translations. But it is expected that the customer remembers the password he had used to register on the store. But it is safer than sending the password without even a confirmation email, which PrestaShop does for new registrations. So if your email is [email protected], and you accidentally typed [email protected], the welcome email goes to that guy. Not too good. Or if the email does not exist, it comes back to you as a bounced email and you can see the password of your customer. Not good either.


Hi Xavier,

 

Can a very, very small change be done to 1.6: can a confirmation email be sent to the email address of a new user to confirm his email address, or has that already been added to 1.6? Once he clicks on the email verification link, then the new password is emailed to him. It does not work this way in 1.5. So, if I type [email protected] instead of xavier, the customer does not know what happened to his confirmation email.


Here's the problem, indus:

 

Email confirmation setup: you set up this kind of subscription form for a forum, an online tool or a web-app. But doing this with an online store could hurt conversion. Does it make sense?

 

Email without password setup: 1 - the email contains the email address and the password. If you remove the password from the content, the email is quite pointless. 2 - If I make a mistake when I set up an account on your online store and enter [email protected], I will not receive an email but that won't help me realize my mistake... how could I know if I'm supposed to receive an email? I'll realize my mistake when I don't receive a confirmation order, that's when! 

 

My preferred configuration on this matter: no email. Like my GIF shows. When I set up the account, I'm automatically logged in anyway. And my purchase usually follows a couple minutes later, along with the order confirmation email :)


How I look at it is: when a customer uses a wrong email and the email does not exist, I get a bounced mail with the password he used, but I also have all his address and phone numbers, so I think it's more of a privacy issue. I removed the password because of this, and people use all kinds of crazy things for passwords. So I feel like I get to know a bit more personal stuff about a customer than what I actually need. I have had to call a customer to get his email if he has actually ordered something, but sometimes they just register and will order the next day; if he does not get the confirmation email, he won't finish an order later on. So I can argue that can also hurt conversions. And in many, many cases, the customer does not order a product right away; he can order it when he feels he is ready.


  • 9 months later...

Hello,

 

I'm a customer of a shop that uses your software. The issue here is a serious security problem.

 

Showing a user's password by any means forces one to doubt whether the passwords are encrypted in the database. There shouldn't be any way to decrypt the passwords and show them to anyone. As long as the Internet is full of questions about how to decrypt them, it seems that PrestaShop does a correct encryption.

 

But there is another related problem. When you show the password together with the user name (or email) of a user by an unencrypted means (e.g. an unencrypted email, HTTP, etc.) to anyone, you automatically risk that this information can be captured by any administrator of the infrastructure (e.g. any such server) that helps to deliver the information to the recipient. The administrator can then misuse the information or sell it to someone else. Having the user name and the password allows anyone to access the other personal information.

 

And not only the information stored in a PrestaShop instance. Most users use the same password for all the Internet services. So, if one knows the login details, one also has access to the email address. If by any chance the user uses the same password for the eshop and the email, the attacker automatically has access to the email and thus to almost anything.

 

You should always at least divide the email into two emails so that the user name and the password are not in the same message (this is impossible when user names are email addresses of the users). Or you should encrypt the emails. It is also impossible because most of the users do not have any encryption key. Or you should send just temporary passwords that must be changed during the first login. Or you shouldn't send passwords at all.

 

Are you going to fix it? Is there a proper way to report bugs?

 

screen attached

 

And it's even more funny that the email gives some "security tips" that the email itself does not follow. The email is not encrypted. So, sending a plain email containing both the username and the password through the Internet, you don't "keep the details safe" because you "disclose the details to any" administrator of the infrastructure (see above).

 

If you remove the password from the content, the email is quite pointless.

 

My preferred configuration on this matter: no email.

 

Well, the email is pointless either containing a password or not. A customer sees that the registration succeeded because he's automatically logged in. There is no need to confirm it via all communication channels and waste all the resources that are needed to deliver the messages.

 

"Your" preferred configuration should be set by default. Respectively, it should be mandatory.

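An added example, not part of any post in this thread and not PrestaShop code: a sketch of the address-verification email raised above, combined with the "don't send passwords at all" option, so that a bounced or misdelivered message exposes only a single-use, expiring token. The function names, the `pending` store, the 24-hour lifetime and the `shop.example` URL are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 24 * 3600              # assumed lifetime
BASE_URL = "https://shop.example/verify"   # placeholder URL


def _digest(token):
    # Only this hash is stored, so a leaked table yields no usable links.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_verification(pending, email, now=None):
    """Create a single-use token for `email` and record its hash and expiry."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)      # 256 bits from the OS CSPRNG
    pending[_digest(token)] = (email, now + TOKEN_TTL_SECONDS)
    return token


def build_email(token):
    """Message body: a link only, with no password and no login name."""
    return (
        "Please confirm your email address:\n"
        f"{BASE_URL}?token={token}\n"
        "The link works once and expires after 24 hours.\n"
    )


def confirm(pending, token, now=None):
    """Return the verified address, or None if unknown, reused or expired."""
    now = time.time() if now is None else now
    entry = pending.pop(_digest(token), None)   # pop makes it single-use
    if entry is None:
        return None
    email, expires_at = entry
    return email if now <= expires_at else None
```

`confirm()` only marks the address as verified; it does not create a session, so whoever receives a misdirected message still cannot log in to the account.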