Dear Sir/Madam,
Last time, vulnerability scanning was performed on our Moodle site.
We found one issue reported by the auditor.
An SSL connection has already been enabled on the login page of the Moodle site.
We observed that the username and password are being sent in an unhashed or unencrypted manner, though the connection is encrypted.
They suggest that the username and password should be hashed or encrypted on the client side before the request is sent to the web server.
From their finding, it seems that both the username and password should be encrypted/hashed before the user clicks the "Log in" button on the Moodle login page from their client PC. The Moodle application on the server side decrypts/unhashes both the username and password values to log in to the Moodle system.
Please advise how to do it.
Does anyone have a sample for our reference?