Security Issue - Displaying Password in Email
3 posters
Page 1 of 1
Security Issue - Displaying Password in Email
Technical Details
Forum version : #phpBB3
Position : Founder
Concerned browser(s) : , Mozilla Firefox, Google Chrome, Internet Explorer, Opera, Safari, Other
Who the problem concerns : All members
Forum link : Https://origincrypto.forumotion.com
Description of problem
Hello, I am setting up a forum for a crypto currency to answer technical issues. However, upon creation sign ups on the site emails the users their passwords. This is a major security risk and my clients do not want to sign up risking their data.Is there any way I can disable this? If not I may ask for a refund as I purchased credits yesterday, a few hours before my development team notified me of the security risk.
Thanks in advance!
Last edited by AI MANAGER on January 16th 2018, 4:02 am; edited 1 time in total
Re: Security Issue - Displaying Password in Email
Hello,
The short answer to that is no it can not be changed. This is set up serverside and is not changeable.
I dont exactly see how this would be a security risk, unless the persons email is already hacked into or something, no one else would see the password and the person could simply delete the email immediatelly after it is read.
Anyway, sorry there is no way to change this.
-Brandon
The short answer to that is no it can not be changed. This is set up serverside and is not changeable.
I dont exactly see how this would be a security risk, unless the persons email is already hacked into or something, no one else would see the password and the person could simply delete the email immediatelly after it is read.
Anyway, sorry there is no way to change this.
-Brandon
Remember to mark your topic when a solution is found.
General Rules | Tips & Tricks | FAQ | Forgot Founder Password?
Team Leader
Review Section Rules | Request A Review | Sticker Points
Re: Security Issue - Displaying Password in Email
If my client has their email stolen and they forgot to delete the message their account will be completely compromised do to the forums link, login username and password all being included within one message. I would say that is a security issue.
It is international standard to always encrypt at least the password as soon as entered.
If there is no way to change it locally, I highly suggest It to be changed server side.
It is international standard to always encrypt at least the password as soon as entered.
If there is no way to change it locally, I highly suggest It to be changed server side.
Re: Security Issue - Displaying Password in Email
It is encrypted on our system. That is the only time it ever displayed and only in that one email. It can not be retrieved any other way, not by an admin, not by the user, not even by our team in the head office.
This is the way things have been done since day 1 I believe and I dont know if there is any plans to change this or not. I am just a volunteer and do not work for head office, so I really couldnt tell you much more on this.
Once again, I am sorry, but it is not possible to change by the admin of the forum at this time.
-Brandon
This is the way things have been done since day 1 I believe and I dont know if there is any plans to change this or not. I am just a volunteer and do not work for head office, so I really couldnt tell you much more on this.
Once again, I am sorry, but it is not possible to change by the admin of the forum at this time.
-Brandon
Remember to mark your topic when a solution is found.
General Rules | Tips & Tricks | FAQ | Forgot Founder Password?
Team Leader
Review Section Rules | Request A Review | Sticker Points
Re: Security Issue - Displaying Password in Email
After the members log in to the forum, they can change their information.
Lost Founder's Password |Forum's Utilities |Report a Forum |General Rules |FAQ |Tricks & Tips
You need one post to send a PM.
You need one post to send a PM.
When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.
Re: Security Issue - Displaying Password in Email
I have marked this as solved, thank you for taking the time to reply. I will forward this to my security team for them to review, appreciate the help!
Re: Security Issue - Displaying Password in Email
Topic solved & archived ~ brandon_g
|
Remember to mark your topic when a solution is found.
General Rules | Tips & Tricks | FAQ | Forgot Founder Password?
Team Leader
Review Section Rules | Request A Review | Sticker Points
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum