Password security during activation
Autore: Andreas K.
Visite 405,
Followers 1,
Condiviso 0
Hello,
I've now correctly registered the advent calendar version of chip.de on your site - I've got the 404 error messages which were producted by using a proxy, which I detected using WireShark to check the communication.
But I've also seen that during the registration/activation phase all data is transmitted in plain text, converted to base64, but no hash with salt, no TLS secured connection, all in plain text via unsecured HTTP. So everyone who is concerned about security is not happy to see that (email address and password for this site in clear text).
I have now changed my password at https://answers.websitex5.com/ immediately and I advice everyone to do the same!
best regards,
Andreas K.
Postato il