Magento - Major Encryption Key Vulnerability - Installation Problems - eCommerce Software for Growth

Log In

Username or Email

Password:

Forgot Password

or
Register

Skip to site navigation »
Skip to main content »
Skip to footer content »

Magento Forum

Major Encryption Key Vulnerability

iPhony Total Posts: 37 Joined: 2007-09-01 Ignore user	I was playing with magento and I just realized that once your store is up anyone can recover your encryption key in plain text by just adding /install/wizard/end/ to the end of your store’s domain name. This is critical and need to be fixed as soon as possible. For instance you can retrieve Magento’s demo store encryption key by just launching the following link in your browser: http://demo.magentocommerce.com/install/wizard/end/ I would like to hear from a magento team member about this is an issue. I would rather have this key retrievable after login or simply not retrievable online but only via email or so. Not sure which one is best…
	Posted: September 7 2007 \| top

Moshe Total Posts: 1770 Joined: 2007-08-07 Los Angeles Ignore user	This has been fixed and will be available in next release Signature - I would love to change the world, but they won’t give me the source code -
	Posted: September 7 2007 \| top \| # 1

iPhony Total Posts: 37 Joined: 2007-09-01 Ignore user	Great thanks for your fast reply.
	Posted: September 7 2007 \| top \| # 2

unknow_user Total Posts: 99 Joined: 2007-08-31 TX, USA Ignore user	IPhony you’re so crafty! good job though Signature Web Design, SEO, Internet strategies Le blog en Français \| son Flux RSS \| Le forum en Français
	Posted: September 7 2007 \| top \| # 3

Brandon Total Posts: 76 Joined: 2007-08-31 Web Developer Ignore user	Shouldn’t the entire install directory be deleted once installed?
	Posted: September 7 2007 \| top \| # 4

Magento Community

Magento Community

Back to top

115mb are you joking

Post Installation Error: Allowed memory size exhausted