
1

Thursday, March 20th 2003, 12:23pm

KDE Forum emailed me my password!!

I received an email confirming that I had joined KDE-Forum, advising my login and password, and stating "Please do not forget your password as it has been encrypted in our database and we cannot retrieve it for you."

It is good that the password is encrypted in your database, but it's a major security hole that it is sent out in plain text via email!

Please modify the welcome message to NOT contain the password.

Thank you.

2

Saturday, March 22nd 2003, 9:46pm

That's part of phpBB. I think they should send it encrypted.
"Chopsticks require a person to use 64 muscles and 30 articulate movements simultaneously, which also acts in developing brain potential."

3

Friday, October 10th 2003, 3:40pm

That is to show how weak the password is.

(You do not access the forum by https:// either.)

Have a nice day!

kde-forum

Unregistered

4

Friday, October 10th 2003, 5:16pm

editing

I will edit the registration email so the mail won't send the password.

5

Friday, October 10th 2003, 8:36pm

Maybe I was not clear enough: sending it or not will not change the fact that it is a weak password, as it was sent in clear to the server (or the server would not have been able to return the password in the email.)

Before another misunderstanding appears: coding it in the client with crypt does not change the problem much, as the password exchanged between client and server is exactly the same byte sequence for each login.

Have a nice day!
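
Added example, not part of the thread and not phpBB code: the last post's point that a client-side hash is the same byte sequence on every login, set beside a per-login nonce check, which is a technique brought in here for contrast and is not mentioned in the thread. All class and function names, the salt and the password are constructed, and PBKDF2 stands in for `crypt`.

```python
import hashlib, hmac, secrets

def client_static_token(password: str, salt: bytes) -> bytes:
    # Client-side hashing with a fixed salt: identical bytes on every login.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def client_response(token: bytes, nonce: bytes) -> bytes:
    # Per-login answer: depends on the server's fresh nonce.
    return hmac.new(token, nonce, hashlib.sha256).digest()

class StaticHashServer:
    """Treats the client-computed hash as the credential."""
    def __init__(self, stored: bytes):
        self.stored = stored
    def login(self, token: bytes) -> bool:
        return hmac.compare_digest(token, self.stored)

class ChallengeServer:
    """Issues a one-time nonce per login and checks HMAC(token, nonce).
    The stored token is still password-equivalent on the server side,
    so this addresses replay only, not storage or transport."""
    def __init__(self, stored: bytes):
        self.stored = stored
        self.pending = set()
    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce
    def login(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.pending:       # unknown or already used nonce
            return False
        self.pending.discard(nonce)         # single use
        return hmac.compare_digest(response, client_response(self.stored, nonce))

def demo():
    salt = b"constructed-salt"              # constructed sample values
    token = client_static_token("correct horse", salt)
    on_the_wire = client_static_token("correct horse", salt)  # second login
    static_replay = StaticHashServer(token).login(on_the_wire)
    server = ChallengeServer(token)
    n1 = server.challenge()
    r1 = client_response(token, n1)
    first = server.login(n1, r1)            # legitimate login
    same_nonce = server.login(n1, r1)       # recorded exchange sent again
    new_nonce = server.login(server.challenge(), r1)  # old answer, new nonce
    return static_replay, first, same_nonce, new_nonce

if __name__ == "__main__":
    print(demo())
```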