The forum of the forums
Welcome to the Official Support Forum of Forumotion!

To take full advantage of everything offered by our forum, please log in if you are already a member, or join our community if you've not yet.



Create a free forum like this one.

Reporting Vulnerabilities within Forumotion

View previous topic View next topic Go down

In progress Reporting Vulnerabilities within Forumotion

Post by VoIP on December 3rd 2016, 7:24 am

Hello,

I need to get in contact with someone that I can report a security issue. Also why is formation sending passwords in clear text? That is very insecure.
avatar
VoIP
New Member

Posts : 14
Reputation : 2
Language : English

http://test.forumotion.com

Back to top Go down

In progress Re: Reporting Vulnerabilities within Forumotion

Post by brandon_g on December 3rd 2016, 8:27 pm

Hello,

What exactly is the issues you are having? What do you mean 'sending passwords in clear text' ?

Forumotion has very secure servers and rest assured your forum is in good hands. Smile

-Brandon


Remember to mark your topic when a solution is found.
avatar
brandon_g
Support Moderator
Support Moderator

Male Posts : 5943
Reputation : 547
Language : English
Location : USA

http://broadcastingduo.forumotion.com/

Back to top Go down

In progress Re: Reporting Vulnerabilities within Forumotion

Post by VoIP on December 4th 2016, 12:32 am

brandon_g wrote:Hello,

What exactly is the issues you are having? What do you mean 'sending passwords in clear text' ?

Forumotion has very secure servers and rest assured your forum is in good hands. Smile

-Brandon
I found a few XSS vulnerabilities within the forum. Also, regardless if its secure its still a vulnerability from the user standpoint. If X users email was hacked it can result in having there pw leaked. Is it too hard to disable sending password in email?

Lastly the other problem I have is, when I register with my email, I can't send it because formation decides to block my email because it uses a period in the email. From my understanding the site is doing:

email = 'test.email@gmail.com'
email.split('.') #which results in: email[0] = test and email[1] = email@gmail and email[2] =com

Please fix this as well. The xss will be shared with proper user.
avatar
VoIP
New Member

Posts : 14
Reputation : 2
Language : English

http://test.forumotion.com

Back to top Go down

In progress Re: Reporting Vulnerabilities within Forumotion

Post by brandon_g on December 4th 2016, 2:39 pm

Forumotion sends the password to the email address provided once so that the user can go back refrence it in the future should they forget whatever it is or something.

As for if their email address could potentially be hacked or not, that is not forumotions issue to deal with and worry about. If a user is concerned about the security of their email address, they should be sure to use a strong password that can't be hacked easily.

Furthermore, Forumotion recommends keeping ones forumotion foundation email address a secret and displaying a different email address on the founder profile on the forum itself. That way the actual foundation email address is not known and thus can't be hacked by someone looking to hijack the forum.

Bottomline: Forumotion does all it can to keep every forum on its servers and networks secure on its end, but the indiviual user still has to do their part and be smart to keep their forum and email accounts secure and safe.

-Brandon


Remember to mark your topic when a solution is found.
avatar
brandon_g
Support Moderator
Support Moderator

Male Posts : 5943
Reputation : 547
Language : English
Location : USA

http://broadcastingduo.forumotion.com/

Back to top Go down

In progress Re: Reporting Vulnerabilities within Forumotion

Post by VoIP on December 6th 2016, 12:57 am

Nevermind, I won't be reporting them.
Please close the thread.
Thanks.
avatar
VoIP
New Member

Posts : 14
Reputation : 2
Language : English

http://test.forumotion.com

Back to top Go down

In progress Re: Reporting Vulnerabilities within Forumotion

Post by brandon_g on December 6th 2016, 5:54 am

Topic locked on request ~ brandon_g


Remember to mark your topic when a solution is found.
avatar
brandon_g
Support Moderator
Support Moderator

Male Posts : 5943
Reputation : 547
Language : English
Location : USA

http://broadcastingduo.forumotion.com/

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum