Hi,
I'm a computer science student who happens to be into retro bikes. I noticed this forum is sending passwords in plaintext form over the internet. Basically, anyone with basic tools can easily see your passwords whenever you log in.
I have attached a screenshot with an example showing this transmission. Where it says "key: password", that is a label; then "value:ThisIsThePasswordBox" is what I typed in the password box. I typed "ThisIsThePasswordBox".
You may think this isn't an issue, as it's not too important if someone knows your password for this forum; however, if you use the same password for this as you do other accounts, such as Facebook or Amazon, it can become a very big issue. I also expect that this forum is open to SQL injections, a form of attack where the user can gain access to data from the website's database; however, confirming this would break the law.
This needs to be addressed so that the passwords of users on this forum aren't stolen.
Foh