The forum of the forums
Would you like to react to this message? Create an account in a few clicks or log in to continue.

Reporting Vulnerabilities within Forumotion

2 posters

Go down

In progress Reporting Vulnerabilities within Forumotion

Post by VoIP December 3rd 2016, 7:24 am

Hello,

I need to get in contact with someone that I can report a security issue. Also why is formation sending passwords in clear text? That is very insecure.
VoIP
VoIP
New Member

Posts : 14
Reputation : 2
Language : English

http://test.forumotion.com

Back to top Go down

In progress Re: Reporting Vulnerabilities within Forumotion

Post by brandon_g December 3rd 2016, 8:27 pm

Hello,

What exactly is the issues you are having? What do you mean 'sending passwords in clear text' ?

Forumotion has very secure servers and rest assured your forum is in good hands. Smile

-Brandon


Reporting Vulnerabilities within Forumotion Brando10
Remember to mark your topic Reporting Vulnerabilities within Forumotion Solved15 when a solution is found.
General Rules | Tips & Tricks | FAQ | Forgot Founder Password?

Reporting Vulnerabilities within Forumotion Scre1476
Team Leader
Review Section Rules | Request A Review | Sticker Points
brandon_g
brandon_g
Manager
Manager

Male Posts : 10106
Reputation : 923
Language : English
Location : USA

https://www.broadcastingduo.com

Back to top Go down

In progress Re: Reporting Vulnerabilities within Forumotion

Post by VoIP December 4th 2016, 12:32 am

brandon_g wrote:Hello,

What exactly is the issues you are having? What do you mean 'sending passwords in clear text' ?

Forumotion has very secure servers and rest assured your forum is in good hands. Smile

-Brandon
I found a few XSS vulnerabilities within the forum. Also, regardless if its secure its still a vulnerability from the user standpoint. If X users email was hacked it can result in having there pw leaked. Is it too hard to disable sending password in email?

Lastly the other problem I have is, when I register with my email, I can't send it because formation decides to block my email because it uses a period in the email. From my understanding the site is doing:

email = 'test.email@gmail.com'
email.split('.') #which results in: email[0] = test and email[1] = email@gmail and email[2] =com

Please fix this as well. The xss will be shared with proper user.
VoIP
VoIP
New Member

Posts : 14
Reputation : 2
Language : English

http://test.forumotion.com

Back to top Go down

In progress Re: Reporting Vulnerabilities within Forumotion

Post by brandon_g December 4th 2016, 2:39 pm

Forumotion sends the password to the email address provided once so that the user can go back refrence it in the future should they forget whatever it is or something.

As for if their email address could potentially be hacked or not, that is not forumotions issue to deal with and worry about. If a user is concerned about the security of their email address, they should be sure to use a strong password that can't be hacked easily.

Furthermore, Forumotion recommends keeping ones forumotion foundation email address a secret and displaying a different email address on the founder profile on the forum itself. That way the actual foundation email address is not known and thus can't be hacked by someone looking to hijack the forum.

Bottomline: Forumotion does all it can to keep every forum on its servers and networks secure on its end, but the indiviual user still has to do their part and be smart to keep their forum and email accounts secure and safe.

-Brandon


Reporting Vulnerabilities within Forumotion Brando10
Remember to mark your topic Reporting Vulnerabilities within Forumotion Solved15 when a solution is found.
General Rules | Tips & Tricks | FAQ | Forgot Founder Password?

Reporting Vulnerabilities within Forumotion Scre1476
Team Leader
Review Section Rules | Request A Review | Sticker Points
brandon_g
brandon_g
Manager
Manager

Male Posts : 10106
Reputation : 923
Language : English
Location : USA

https://www.broadcastingduo.com

Back to top Go down

In progress Re: Reporting Vulnerabilities within Forumotion

Post by VoIP December 6th 2016, 12:57 am

Nevermind, I won't be reporting them.
Please close the thread.
Thanks.
VoIP
VoIP
New Member

Posts : 14
Reputation : 2
Language : English

http://test.forumotion.com

Back to top Go down

In progress Re: Reporting Vulnerabilities within Forumotion

Post by brandon_g December 6th 2016, 5:54 am

Topic locked on request ~ brandon_g


Reporting Vulnerabilities within Forumotion Brando10
Remember to mark your topic Reporting Vulnerabilities within Forumotion Solved15 when a solution is found.
General Rules | Tips & Tricks | FAQ | Forgot Founder Password?

Reporting Vulnerabilities within Forumotion Scre1476
Team Leader
Review Section Rules | Request A Review | Sticker Points
brandon_g
brandon_g
Manager
Manager

Male Posts : 10106
Reputation : 923
Language : English
Location : USA

https://www.broadcastingduo.com

Back to top Go down

Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum