chat Users' password are stored... in plaintext?

  • aphanic
  • aphanic的头åƒ� 离线 Topic Author
  • Newbie
  • Newbie
  • 帖子: 1
  • Thanks: 0

Users' password are stored... in plaintext? was created by aphanic

Posted 10 个月 2 周 � #1191
Hi, I am a new user, registered through the main site (not the forum, in case there is another registration procedure here). After filling in the details (there were no options in the language selector by the way), I got to the point of validating my account through a link in an email. The message had gone to the junk folder, no problem, but I what I saw besides the activation link worried me: it also contained my username and my password in plaintext, meaning not only it is not being salted before being sent to the server, but it is also not even encrypted.

How come? I mean, not only it is non-standard, but it need not add computation cost server-side (encryption and all would happen locally). In my case it is not a problem, my password is a random string of characters of a certain length, but it baffled me when I saw WebAuthn is supported in the site (the Web authentication button above the traditional login one), something that really not many other sites support.
Last Edit:10 个月 2 周 � aphanic
Last edit: 10 个月 2 周 � by admin.

登录注册一个帐号 以加入对话

  • admin
  • admin的头åƒ� 离线
  • Admin
  • Admin
  • 帖子: 526
  • Thanks: 232

Replied by admin on topic Users' password are stored... in plaintext?

Posted 10 个月 2 周 � #1192
Hello yes weird I will see immediately otherwise if you are registered on the site you are also registered on the Forum (identical account)
thanks i will check it out 

Asus Z790 Pro Art, Intel Cpu I7 14700K, Memoires 32Go Corsair DDR5 (6000Mhz CL30), Water-cooling Thermaright, nVidia Geforce RTX3060,  Alimentation Asus ROG 850W, Samsung SSD 990 Pro, SSD980 Pro, Clavier Roccat Vulkan , Souris Asus, Boitier NZXT H6, HP Creative SB Kratos Free Fibre 10Gb Cable CAT8/7, Switch 10/5/2.5Gbps, Casque Philips Fedelis.

以下用户感谢了你: aphanic

登录注册一个帐号 以加入对话

核心: Kunena 论坛