The forum of the forums
Would you like to react to this message? Create an account in a few clicks or log in to continue.

Security Issue - Displaying Password in Email

3 posters

Go down

Solved Security Issue - Displaying Password in Email

Post by AI MANAGER January 16th 2018, 1:49 am

Technical Details


Forum version : #phpBB3
Position : Founder
Concerned browser(s) : , Mozilla Firefox, Google Chrome, Internet Explorer, Opera, Safari, Other
Who the problem concerns : All members
Forum link : Https://origincrypto.forumotion.com

Description of problem

Hello, I am setting up a forum for a crypto currency to answer technical issues. However, upon creation sign ups on the site emails the users their passwords. This is a major security risk and my clients do not want to sign up risking their data.

Is there any way I can disable this? If not I may ask for a refund as I purchased credits yesterday, a few hours before my development team notified me of the security risk.

Thanks in advance!


Last edited by AI MANAGER on January 16th 2018, 4:02 am; edited 1 time in total
AI MANAGER
AI MANAGER
New Member

Posts : 3
Reputation : 1
Language : English

Https://origincrypto.forumotion.com

Back to top Go down

Solved Re: Security Issue - Displaying Password in Email

Post by brandon_g January 16th 2018, 2:23 am

Hello,

The short answer to that is no it can not be changed. This is set up serverside and is not changeable.

I dont exactly see how this would be a security risk, unless the persons email is already hacked into or something, no one else would see the password and the person could simply delete the email immediatelly after it is read.

Anyway, sorry there is no way to change this.

-Brandon


Security Issue - Displaying Password in Email Brando10
Remember to mark your topic Security Issue - Displaying Password in Email Solved15 when a solution is found.
General Rules | Tips & Tricks | FAQ | Forgot Founder Password?

Security Issue - Displaying Password in Email Scre1476
Team Leader
Review Section Rules | Request A Review | Sticker Points
brandon_g
brandon_g
Manager
Manager

Male Posts : 10106
Reputation : 923
Language : English
Location : USA

https://www.broadcastingduo.com

Back to top Go down

Solved Re: Security Issue - Displaying Password in Email

Post by AI MANAGER January 16th 2018, 2:53 am

If my client has their email stolen and they forgot to delete the message their account will be completely compromised do to the forums link, login username and password all being included within one message. I would say that is a security issue.

It is international standard to always encrypt at least the password as soon as entered.

If there is no way to change it locally, I highly suggest It to be changed server side.
AI MANAGER
AI MANAGER
New Member

Posts : 3
Reputation : 1
Language : English

Https://origincrypto.forumotion.com

Back to top Go down

Solved Re: Security Issue - Displaying Password in Email

Post by brandon_g January 16th 2018, 3:00 am

It is encrypted on our system. That is the only time it ever displayed and only in that one email. It can not be retrieved any other way, not by an admin, not by the user, not even by our team in the head office.

This is the way things have been done since day 1 I believe and I dont know if there is any plans to change this or not. I am just a volunteer and do not work for head office, so I really couldnt tell you much more on this.

Once again, I am sorry, but it is not possible to change by the admin of the forum at this time.

-Brandon


Security Issue - Displaying Password in Email Brando10
Remember to mark your topic Security Issue - Displaying Password in Email Solved15 when a solution is found.
General Rules | Tips & Tricks | FAQ | Forgot Founder Password?

Security Issue - Displaying Password in Email Scre1476
Team Leader
Review Section Rules | Request A Review | Sticker Points
brandon_g
brandon_g
Manager
Manager

Male Posts : 10106
Reputation : 923
Language : English
Location : USA

https://www.broadcastingduo.com

Back to top Go down

Solved Re: Security Issue - Displaying Password in Email

Post by SLGray January 16th 2018, 3:10 am

After the members log in to the forum, they can change their information.


Security Issue - Displaying Password in Email Slgray10

When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.
SLGray
SLGray
Administrator
Administrator

Male Posts : 51464
Reputation : 3519
Language : English
Location : United States

https://forumsclub.com/gc/128-link-directory/

Back to top Go down

Solved Re: Security Issue - Displaying Password in Email

Post by AI MANAGER January 16th 2018, 4:03 am

I have marked this as solved, thank you for taking the time to reply. I will forward this to my security team for them to review, appreciate the help!
AI MANAGER
AI MANAGER
New Member

Posts : 3
Reputation : 1
Language : English

Https://origincrypto.forumotion.com

Back to top Go down

Solved Re: Security Issue - Displaying Password in Email

Post by brandon_g January 16th 2018, 5:21 am

Topic solved & archived ~ brandon_g
Please read our forum rules: ESF General Rules


Security Issue - Displaying Password in Email Brando10
Remember to mark your topic Security Issue - Displaying Password in Email Solved15 when a solution is found.
General Rules | Tips & Tricks | FAQ | Forgot Founder Password?

Security Issue - Displaying Password in Email Scre1476
Team Leader
Review Section Rules | Request A Review | Sticker Points
brandon_g
brandon_g
Manager
Manager

Male Posts : 10106
Reputation : 923
Language : English
Location : USA

https://www.broadcastingduo.com

Back to top Go down

Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum