Reporting Vulnerabilities within Forumotion
2 posters
Page 1 of 1
Reporting Vulnerabilities within Forumotion
Hello,
I need to get in contact with someone that I can report a security issue. Also why is formation sending passwords in clear text? That is very insecure.
I need to get in contact with someone that I can report a security issue. Also why is formation sending passwords in clear text? That is very insecure.
Re: Reporting Vulnerabilities within Forumotion
Hello,
What exactly is the issues you are having? What do you mean 'sending passwords in clear text' ?
Forumotion has very secure servers and rest assured your forum is in good hands.
-Brandon
What exactly is the issues you are having? What do you mean 'sending passwords in clear text' ?
Forumotion has very secure servers and rest assured your forum is in good hands.
-Brandon
Remember to mark your topic when a solution is found.
General Rules | Tips & Tricks | FAQ | Forgot Founder Password?
Team Leader
Review Section Rules | Request A Review | Sticker Points
Re: Reporting Vulnerabilities within Forumotion
I found a few XSS vulnerabilities within the forum. Also, regardless if its secure its still a vulnerability from the user standpoint. If X users email was hacked it can result in having there pw leaked. Is it too hard to disable sending password in email?brandon_g wrote:Hello,
What exactly is the issues you are having? What do you mean 'sending passwords in clear text' ?
Forumotion has very secure servers and rest assured your forum is in good hands.
-Brandon
Lastly the other problem I have is, when I register with my email, I can't send it because formation decides to block my email because it uses a period in the email. From my understanding the site is doing:
email = 'test.email@gmail.com'
email.split('.') #which results in: email[0] = test and email[1] = email@gmail and email[2] =com
Please fix this as well. The xss will be shared with proper user.
Re: Reporting Vulnerabilities within Forumotion
Forumotion sends the password to the email address provided once so that the user can go back refrence it in the future should they forget whatever it is or something.
As for if their email address could potentially be hacked or not, that is not forumotions issue to deal with and worry about. If a user is concerned about the security of their email address, they should be sure to use a strong password that can't be hacked easily.
Furthermore, Forumotion recommends keeping ones forumotion foundation email address a secret and displaying a different email address on the founder profile on the forum itself. That way the actual foundation email address is not known and thus can't be hacked by someone looking to hijack the forum.
Bottomline: Forumotion does all it can to keep every forum on its servers and networks secure on its end, but the indiviual user still has to do their part and be smart to keep their forum and email accounts secure and safe.
-Brandon
As for if their email address could potentially be hacked or not, that is not forumotions issue to deal with and worry about. If a user is concerned about the security of their email address, they should be sure to use a strong password that can't be hacked easily.
Furthermore, Forumotion recommends keeping ones forumotion foundation email address a secret and displaying a different email address on the founder profile on the forum itself. That way the actual foundation email address is not known and thus can't be hacked by someone looking to hijack the forum.
Bottomline: Forumotion does all it can to keep every forum on its servers and networks secure on its end, but the indiviual user still has to do their part and be smart to keep their forum and email accounts secure and safe.
-Brandon
Remember to mark your topic when a solution is found.
General Rules | Tips & Tricks | FAQ | Forgot Founder Password?
Team Leader
Review Section Rules | Request A Review | Sticker Points
Re: Reporting Vulnerabilities within Forumotion
Nevermind, I won't be reporting them.
Please close the thread.
Thanks.
Please close the thread.
Thanks.
Re: Reporting Vulnerabilities within Forumotion
Topic locked on request ~ brandon_g
Remember to mark your topic when a solution is found.
General Rules | Tips & Tricks | FAQ | Forgot Founder Password?
Team Leader
Review Section Rules | Request A Review | Sticker Points
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum