Hi Experts, I discovered a big hole in the security in ID<-->XI, is the connection between "ID" and "XI" is "HTTP", using any sniffer is possible view all XMLs of communication channels, including passwords configured.
How it works:
ID -> XI:
ID sends decrypted passwords and XI encrypts them and stores (can see encrypted in the rwm cache)
XI -> ID:
XI decrypt the passwords and sent to ID
Is there any solution to this problem?. (the good of this problem is that it is possible to retrieve forgotten password of CCs :D)
Something that could be improved is that the password will decrypt the ID....