Skip to Content
Former Member
May 06, 2013 at 01:11 PM

Security problem...


Hi Experts, I discovered a big hole in the security in ID<-->XI, is the connection between "ID" and "XI" is "HTTP", using any sniffer is possible view all XMLs of communication channels, including passwords configured.

How it works:

ID -> XI:

ID sends decrypted passwords and XI encrypts them and stores (can see encrypted in the rwm cache)

XI -> ID:

XI decrypt the passwords and sent to ID

Is there any solution to this problem?. (the good of this problem is that it is possible to retrieve forgotten password of CCs :D)

Something that could be improved is that the password will decrypt the ID....

Best Regards.