Hello Guest it is December 16, 2019, 04:50:10 AM

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - dhnaranjo

Pages: 1
1
Hey y'all, so your product is great but your forum is putting your customers at risk of their online data being compromised.

I just registered for your forum and received an email that included my password sent as plaintext. This is only possible if you all have the password stored in your database as text, rather than a hash. When passwords are stored in this way it means that, were your database to be compromised, every single user login and email would have the associated password conveniently visible to whoever gained access. I'm sure you know that many of your users likely use one password for many of their accounts, including the email they use to register with this forum.

Y'all need to fix this immediately.

For reference: http://plaintextoffenders.com/faq/devs

Thank much, be well.

Pages: 1