Security vulnerability to user account and server side user data

Security vulnerability to user account and server side user data

Zoho stores unencrypted account information in the client side registry (e.g. zohopassword and zohousername keys under HKEY_USERS in Windows XP).

Does this constitute a serious and widespread security vulnerability - e.g. could a server side program steal this information and use it to access user accounts?

If not, what prevents this?

Even if server side theft of user account credentials is theroetically impossible, storing this data in plain ASCII format, and unencrypted, still represents a serious though less widespread vulnerability. This is because someone accessing a vacant terminal, or looking over a user's shoulder etc., would be able to steal their account login credentials.

Given the volume and sensitivity of the information stored in a user's account, this practice is a worryingly sloppy approach to the serious issue of protecting the user's account and server side data from unauthorised access.

Mark
http://www.markhughes.eu

Access your files securely from anywhere

Zoho Workdrvie Desktop App

Zoho Workdrvie iOS App

Zoho Workdrvie Android App

Zoho Developer Community

New to Zoho LandingPage?

Access Zoho LandingPage

Zoho LandingPage Resources

Contact Support

Follow us on

New to Zoho Survey?

Sign Up Now

Access Zoho Survey

Latest Feature Updates

Explore our Pricing & Plans

Follow us on

Zoho Survey Resources

Survey Templates

iOS Mobile Surveys

Android Mobile Surveys

New to Zoho CRM Plus?

Sign Up For Free

Deliver unforgettable customer experiences

ACCESS ZOHO CRM PLUS

New to Zoho CRM Plus?

Sign Up For Free

Deliver unforgettable customer experiences

ACCESS ZOHO CRM PLUS

New to Zoho Marketing Plus?

Sign Up For Free

Everything you need to run your marketing

ACCESS ZOHO MARKETING PLUS

New to Zoho Marketing Plus?

Sign Up For Free

Everything you need to run your marketing

ACCESS ZOHO MARKETING PLUS

New to Bigin?

Latest Feature Updates

Zoho Desk Resources

Desk Community Learning Series
Digest
Functions
Meetups
Kbase
Resources
Glossary
Desk Marketplace
MVP Corner
Word of the Day

Tout forum

France ZUGs

Zoho Marketing Automation

Zoho SalesIQ Resources

Topic Participants
happybeing
deepak.vasudevan
Pandyah

New to Zoho Social?

SIGN UP FOR FREE

Manage your brands on social media

Access Zoho Social

Zoho Pagesense Resources

New to Zoho TeamInbox?

Zoho TeamInbox Resources

Zoho DataPrep Resources

New to Zoho DataPrep?

SIGN UP FOR ZOHO DATAPREP

Access Zoho DataPrep

Zoho CRM Plus Resources

Zoho Books Resources

Zoho Subscriptions Resources

Zoho Projects Resources

Zoho Sprints Resources

Qntrl Resources

Zoho Creator Resources

Zoho Campaigns Resources

Campaigns Community Learning Series

Zoho CRM Resources

CRM Community Learning Series
Kaizen
Functions
Meetups
Kbase
Resources
Digest
CRM Marketplace
MVP Corner

Follow us on

Design. Discuss. Deliver.

Create visually engaging stories with Zoho Show.

Get Started Now

Zoho Show Resources

Writer

Get Started. Write Away!

Writer is a powerful online word processor, designed for collaborative work.

Zoho CRM コンテンツ

その他のサービスコンテンツ

Zoho Campaigns
Zoho サービスのWebセミナー

Nederlandse Hulpbronnen

ご検討中の方