Jump to content
MUX Global Community
WolfCode

Insecure password storage

Recommended Posts

I had 'forgotten' my password (it did not fit in the box apparently, so only part of my password was entered), and using the forgot password functionality sent me my password in plain-text.

This is a clear sign of non-existent security.

Share this post


Link to post
Share on other sites

Wasn't that already obvious from the lack of TLS on their website when you try to log in?

I didn't bother with a secure password after that. Sooner or later it would appear in HIBP anyway :D

Share this post


Link to post
Share on other sites

And what the problem, by your opinion, with this kind of method ?

Share this post


Link to post
Share on other sites

The problem is that this shows you store our passwords in plain text on your servers.

Any hacker, any employee, anyone with bad intentions and access to your server can just see it and steal it.

Share this post


Link to post
Share on other sites
12 minutes ago, kostas4949 said:

The problem is that this shows you store our passwords in plain text on your servers.

Any hacker, any employee, anyone with bad intentions and access to your server can just see it and steal it.

 

Only 4 people can see passwords. I, Shan, Emp & Bel4enak. We have working since 2007 year, and there wasn't any problem with passwords. And we have good protection. You can trust us. ;)

Share this post


Link to post
Share on other sites
6 minutes ago, Arthur said:

 

Only 4 people can see passwords. I, Shan, Emp & Bel4enak. We have working since 2007 year, and there wasn't any problem with passwords. And we have good protection. You can trust us. ;)

It doesn't matter. You guys can be perfect and still get hacked. Look at all those big companies that spend so much money on security that get hacked every day.

It's not IF you will get hacked, but WHEN. And when that happens it's better if the passwords are hashed+salted than being plain text.

 

The same is true for TLS when logging in. Anyone could MITM if they really wanted to and steal login credentials.

Share this post


Link to post
Share on other sites

OK so what? you lose your bank account details or personal data? 

Open your mind...

 

Share this post


Link to post
Share on other sites
54 minutes ago, MZU said:

OK so what? you lose your bank account details or personal data? 

Open your mind...

 

Your senseless commenting can't be avoided anywhere on this forum, can it?

1) People donate to this game, there is money involved in accounts.

 

2) Many people use the same or a very similar password on multiple sites. This could breach multiple accounts.

 

3) Yes, this is personal data.

 

But why am i bothering? You almost never make sense anyway.

  • Like 1

Share this post


Link to post
Share on other sites
19 hours ago, kostas4949 said:

Your senseless commenting can't be avoided anywhere on this forum, can it?

1) People donate to this game, there is money involved in accounts.

 

2) Many people use the same or a very similar password on multiple sites. This could breach multiple accounts.

 

3) Yes, this is personal data.

 

But why am i bothering? You almost never make sense anyway.

 

For your information, even Webzen was hacked. So go play NASA if you are control freak.

 

Mtfkr

Share this post


Link to post
Share on other sites
4 hours ago, MZU said:

 

For your information, even Webzen was hacked. So go play NASA if you are control freak.

 

Mtfkr 

2 sentences, none of them making any sense whatsoever in the current context. You really have trouble typing anything that would need the usage of even a few brain cells, don't you?

 

The issue is too serious in my eyes,though, to end up becoming a laughing matter by your comments so I will refrain from feeding you after this post.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×