My university IT department have un hashed access to all password.
How can an admin be allowed to click any user and see their full password?
I thought Moodle had a robust security system!
I reported this today (to my University).
How can I know if my password is safe?
If my staff/students passwords are safe?
I was helping IT with our Moodle, I seam to know more than they do. I was with an IT expert. Logged in as him. When I looked at a profile page of someone(anyone), I could see Unhide password. I ticked it. To my surprise I could see the full unhashed (uncoded- plain text) password.
How will I know if my university has fixed this?
How can we stop it from happening again?