Cool VL Viewer forum

View unanswered posts | View active topics It is currently 2024-10-13 01:40:06



Reply to topic  [ 3 posts ] 
[Forum issue] Passwords sent in plaintext without HTTPS 
Author Message

Joined: 2024-08-08 03:12:52
Posts: 4
Reply with quote
Hi! So when registering here, I noticed it is not using HTTPS. I decided to look at the browser traffic to see if my password was being sent unhashed, and sure enough it was: https://files.catbox.moe/ydtt37.png

This will likely not be an issue for those of us who use a password manager or at least use different passwords for different sites/platforms, but I suspect some users here may be using the same forum password for their SL account or possibly other accounts. I am not sure if you have any control over the forum software or not, but it would be wise to either implement a fix or raise this issue with the maintainers.


2024-08-08 17:16:34
Profile

Joined: 2009-03-17 18:42:51
Posts: 5801
Reply with quote
Complain to phpBB's developers, or to my ISP which takes years to migrate their web servers to HTTPS...

I, for one, won't do anything about this (not going to re-code phpBB, sorry !).

Note that it is of little consequence, since to be able to recover that password, someone would need to do it in a "man in the middle" attack, which is unlikely to happen for a forum account that got nothing to steal from.

PS: please, also note that the "Bug reports" forum is reserved to viewer bugs. Forum issues should go here.


2024-08-08 17:28:28
Profile WWW

Joined: 2024-08-08 03:12:52
Posts: 4
Reply with quote
Understood. I will raise this issue with them. Thanks for your patience c:


2024-08-08 19:28:43
Profile
Display posts from previous:  Sort by  
Reply to topic   [ 3 posts ] 

Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group
Designed by ST Software.