The forum of the forums
Welcome to the Official Support Forum of Forumotion!

To take full advantage of everything offered by our forum, please log in if you are already a member, or join our community if you've not yet.



Create a free forum like this one.

Security Issue - Displaying Password in Email

View previous topic View next topic Go down

Solved Security Issue - Displaying Password in Email

Post by AI MANAGER Today at 1:49 am

Technical Details


Forum version : #phpBB3
Position : Founder
Concerned browser(s) : , Mozilla Firefox, Google Chrome, Internet Explorer, Opera, Safari, Other
Who the problem concerns : All members
Forum link : Https://origincrypto.forumotion.com

Description of problem

Hello, I am setting up a forum for a crypto currency to answer technical issues. However, upon creation sign ups on the site emails the users their passwords. This is a major security risk and my clients do not want to sign up risking their data.

Is there any way I can disable this? If not I may ask for a refund as I purchased credits yesterday, a few hours before my development team notified me of the security risk.

Thanks in advance!


Last edited by AI MANAGER on January 16th 2018, 4:02 am; edited 1 time in total
avatar
AI MANAGER
New Member

Posts : 3
Reputation : 1
Language : English

Https://origincrypto.forumotion.com

Back to top Go down

Solved Re: Security Issue - Displaying Password in Email

Post by brandon_g Today at 2:23 am

Hello,

The short answer to that is no it can not be changed. This is set up serverside and is not changeable.

I dont exactly see how this would be a security risk, unless the persons email is already hacked into or something, no one else would see the password and the person could simply delete the email immediatelly after it is read.

Anyway, sorry there is no way to change this.

-Brandon


Remember to mark your topic when a solution is found.
avatar
brandon_g
Support Moderator
Support Moderator

Male Posts : 6278
Reputation : 567
Language : English
Location : USA

http://broadcastingduo.forumotion.com/

Back to top Go down

Solved Re: Security Issue - Displaying Password in Email

Post by AI MANAGER Today at 2:53 am

If my client has their email stolen and they forgot to delete the message their account will be completely compromised do to the forums link, login username and password all being included within one message. I would say that is a security issue.

It is international standard to always encrypt at least the password as soon as entered.

If there is no way to change it locally, I highly suggest It to be changed server side.
avatar
AI MANAGER
New Member

Posts : 3
Reputation : 1
Language : English

Https://origincrypto.forumotion.com

Back to top Go down

Solved Re: Security Issue - Displaying Password in Email

Post by brandon_g Today at 3:00 am

It is encrypted on our system. That is the only time it ever displayed and only in that one email. It can not be retrieved any other way, not by an admin, not by the user, not even by our team in the head office.

This is the way things have been done since day 1 I believe and I dont know if there is any plans to change this or not. I am just a volunteer and do not work for head office, so I really couldnt tell you much more on this.

Once again, I am sorry, but it is not possible to change by the admin of the forum at this time.

-Brandon


Remember to mark your topic when a solution is found.
avatar
brandon_g
Support Moderator
Support Moderator

Male Posts : 6278
Reputation : 567
Language : English
Location : USA

http://broadcastingduo.forumotion.com/

Back to top Go down

Solved Re: Security Issue - Displaying Password in Email

Post by SLGray Today at 3:10 am

After the members log in to the forum, they can change their information.


When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.

avatar
SLGray
Administrator
Administrator

Male Posts : 41432
Reputation : 2840
Language : English
Location : United States

https://fmthemes.forumotion.com/

Back to top Go down

Solved Re: Security Issue - Displaying Password in Email

Post by AI MANAGER Today at 4:03 am

I have marked this as solved, thank you for taking the time to reply. I will forward this to my security team for them to review, appreciate the help!
avatar
AI MANAGER
New Member

Posts : 3
Reputation : 1
Language : English

Https://origincrypto.forumotion.com

Back to top Go down

Solved Re: Security Issue - Displaying Password in Email

Post by brandon_g Today at 5:21 am

Topic solved & archived ~ brandon_g
Please read our forum rules: ESF General Rules


Remember to mark your topic when a solution is found.
avatar
brandon_g
Support Moderator
Support Moderator

Male Posts : 6278
Reputation : 567
Language : English
Location : USA

http://broadcastingduo.forumotion.com/

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum