Cool VL Viewer forum
http://sldev.free.fr/forum/

[Forum issue] Passwords sent in plaintext without HTTPS
http://sldev.free.fr/forum/viewtopic.php?f=5&t=2549
Page 1 of 1

Author:  briannaTheLovey [ 2024-08-08 17:16:34 ]
Post subject:  [Forum issue] Passwords sent in plaintext without HTTPS

Hi! So when registering here, I noticed it is not using HTTPS. I decided to look at the browser traffic to see if my password was being sent unhashed, and sure enough it was: https://files.catbox.moe/ydtt37.png

This will likely not be an issue for those of us who use a password manager or at least use different passwords for different sites/platforms, but I suspect some users here may be using the same forum password for their SL account or possibly other accounts. I am not sure if you have any control over the forum software or not, but it would be wise to either implement a fix or raise this issue with the maintainers.

Author:  Henri Beauchamp [ 2024-08-08 17:28:28 ]
Post subject:  Re: [Forum issue] Passwords sent in plaintext without HTTPS

Complain to phpBB's developers, or to my ISP which takes years to migrate their web servers to HTTPS...

I, for one, won't do anything about this (not going to re-code phpBB, sorry !).

Note that it is of little consequence, since to be able to recover that password, someone would need to do it in a "man in the middle" attack, which is unlikely to happen for a forum account that got nothing to steal from.

PS: please, also note that the "Bug reports" forum is reserved to viewer bugs. Forum issues should go here.

Author:  briannaTheLovey [ 2024-08-08 19:28:43 ]
Post subject:  Re: [Forum issue] Passwords sent in plaintext without HTTPS

Understood. I will raise this issue with them. Thanks for your patience c:

Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/