Cool VL Viewer forum http://sldev.free.fr/forum/ |
|
[Forum issue] Passwords sent in plaintext without HTTPS http://sldev.free.fr/forum/viewtopic.php?f=5&t=2549 |
Page 1 of 1 |
Author: | briannaTheLovey [ 2024-08-08 17:16:34 ] |
Post subject: | [Forum issue] Passwords sent in plaintext without HTTPS |
Hi! So when registering here, I noticed it is not using HTTPS. I decided to look at the browser traffic to see if my password was being sent unhashed, and sure enough it was: https://files.catbox.moe/ydtt37.png This will likely not be an issue for those of us who use a password manager or at least use different passwords for different sites/platforms, but I suspect some users here may be using the same forum password for their SL account or possibly other accounts. I am not sure if you have any control over the forum software or not, but it would be wise to either implement a fix or raise this issue with the maintainers. |
Author: | Henri Beauchamp [ 2024-08-08 17:28:28 ] |
Post subject: | Re: [Forum issue] Passwords sent in plaintext without HTTPS |
Complain to phpBB's developers, or to my ISP which takes years to migrate their web servers to HTTPS... I, for one, won't do anything about this (not going to re-code phpBB, sorry !). Note that it is of little consequence, since to be able to recover that password, someone would need to do it in a "man in the middle" attack, which is unlikely to happen for a forum account that got nothing to steal from. PS: please, also note that the "Bug reports" forum is reserved to viewer bugs. Forum issues should go here. |
Author: | briannaTheLovey [ 2024-08-08 19:28:43 ] |
Post subject: | Re: [Forum issue] Passwords sent in plaintext without HTTPS |
Understood. I will raise this issue with them. Thanks for your patience c: |
Page 1 of 1 | All times are UTC |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |