Details
-
Improvement
-
Resolution: Fixed
-
Medium
-
None
-
None
-
true
Description
The autologin cookie currently isn't encrypted, which is rather alarming considering it contains the user name and password. Instead, it is XOR'ed with character offsets, which is insecure. The text, if we really need to put a user name and password in there, needs to be encrypted with a real encryption algorithm.