##########################################################################################
PHPCRED-13: Password Usage Search
##########################################################################################

Issue Type: New Feature
-----------------------------------------------------------------------------------------

Issue Information
====================

Priority: Major
Status: Closed
Resolution: Won't Fix (2019-09-09 15:51:07)

Project: PHPCredlocker (PHPCRED)
Reported By: btasker
Assigned To: btasker

Components:
    - Crypto
    - Storage

Targeted for fix in version:
    - 1.25

Time Estimate: 0 minutes
Time Logged: 0 minutes

-----------------------------------------------------------------------------------------

Issue Description
==================

Would need to be a Super-Admin only function.

If a password is known to be compromised (or it's known that a specific pass has been re-used), it'd be good to be able to search all stored credentials to display a list of where that password is used.

Would need to encrypt the submitted password with all available crypto keys (so begin by retrieving cred types) and then search the database for that value.

Obviously needs to be well secured to prevent introducing a fairly severe security hole!
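
Added example, not PHPCredlocker code and not written by the reporter: a Python sketch of the search described above, one lookup per credType and gated to Super-Admin. HMAC-SHA256 stands in for the project's cipher (which this ticket does not describe), and the approach only works if the stored value is deterministic for a given key and password; the table layout, keys and function names are assumptions.

```python
import hashlib
import hmac
import sqlite3

# Constructed sample keys, one per credType (assumption: keys are per credType).
CRED_TYPE_KEYS = {1: b"constructed-key-ssh", 2: b"constructed-key-ftp"}


def token(key: bytes, password: str) -> str:
    """Deterministic keyed transform; a stand-in for the project's cipher."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()


def build_sample_db() -> sqlite3.Connection:
    """Constructed in-memory data set; the schema is hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE creds (customer TEXT, cred_type INTEGER, "
               "username TEXT, comment TEXT, stored TEXT)")
    rows = [
        ("Acme", 1, "root", "prod box", "hunter2"),
        ("Acme", 2, "upload", "ftp drop", "s3cret!"),
        ("Globex", 2, "deploy", "reused pass", "hunter2"),
    ]
    for customer, ctype, user, comment, pw in rows:
        db.execute("INSERT INTO creds VALUES (?, ?, ?, ?, ?)",
                   (customer, ctype, user, comment,
                    token(CRED_TYPE_KEYS[ctype], pw)))
    return db


def search_cred_type(db, is_super_admin: bool, cred_type: int, password: str):
    """Search a single credType, so each request stays short."""
    if not is_super_admin:
        raise PermissionError("password usage search is Super-Admin only")
    wanted = token(CRED_TYPE_KEYS[cred_type], password)
    # Parameterised query: the submitted value never reaches the SQL text.
    cur = db.execute("SELECT customer, cred_type, username, comment FROM creds "
                     "WHERE cred_type = ? AND stored = ?", (cred_type, wanted))
    return cur.fetchall()


def search_all(db, is_super_admin: bool, password: str):
    """Stand-in for the client-side loop: one search per credType, merged."""
    hits = []
    for cred_type in sorted(CRED_TYPE_KEYS):
        hits.extend(search_cred_type(db, is_super_admin, cred_type, password))
    return hits
```

The returned tuples carry the Customer, CredType, Username and Comment columns; neither the submitted password nor the stored value is echoed back.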

-----------------------------------------------------------------------------------------

Activity
==========

-----------------------------------------------------------------------------------------
2013-12-08 16:34:34
-----------------------------------------------------------------------------------------

btasker added '1.25' to Fix Version

-----------------------------------------------------------------------------------------
2013-12-08 16:34:34
-----------------------------------------------------------------------------------------

btasker removed '1.5' from Fix Version

-----------------------------------------------------------------------------------------
2013-12-08 16:44:04
-----------------------------------------------------------------------------------------

btasker changed status from 'Open' to 'In Progress'

-----------------------------------------------------------------------------------------
2013-12-08 18:05:57 btasker
-----------------------------------------------------------------------------------------

Given the potential number of keys, and the key length, it'll need to be 1 request per credType to ensure that we don't hit any execution limits.

So whilst the view needs to be created, most of the legwork will need to be created through an AJAX request.

Would suggest the resulting output is along the following lines

|Customer|CredType|Username|Comment|Edit Cred Link|

-----------------------------------------------------------------------------------------
2013-12-08 18:29:13 btasker
-----------------------------------------------------------------------------------------

The API request method to use is

-- BEGIN QUOTE --
searchCredValue
-- END QUOTE --

The view name is

-- BEGIN QUOTE --
searchCreds
-- END QUOTE --

No real functionality implemented as yet, but the JS functions are in place (if currently somewhat useless)

-----------------------------------------------------------------------------------------
2013-12-08 23:14:11 btasker
-----------------------------------------------------------------------------------------

Feature implemented to a basic level. Have merged and closed the feature branch. Changes now in Dev

-----------------------------------------------------------------------------------------
2019-09-09 15:51:07 btasker
-----------------------------------------------------------------------------------------

Bulk Closing as Won't Fix. Credlocker is EOL so no further work will be done.

-----------------------------------------------------------------------------------------
2019-09-09 15:51:07
-----------------------------------------------------------------------------------------

btasker changed status from 'In Progress' to 'Closed'

-----------------------------------------------------------------------------------------
2019-09-09 15:51:07
-----------------------------------------------------------------------------------------

btasker added 'Won't Fix' to resolution