Noticed in Faxfinder 3.2.7 that when a user goes to the ‘Fax Servers’ section and edits a fax server, the password is auto-populated. What’s more, they can hit Show Password and the password is fully visible.
This has a number of bad implications, but for our company the primary concern is that we’re using AD credentials to log in, and this means that Faxfinder 3.2.7 allows for potential access to obtain a user’s domain credentials.
Seems like a fairly large security concern to me, as while we do our best to try to educate users as to the dangers of leaving their PC unlocked when they aren’t at their desk, there’s always that time where they forget or mean to be gone for a few seconds but get caught up in a discussion with someone, etc.