1. Are you ready for the Galaxy S20? Here is everything we know so far!

Credentials in plain text

Discussion in 'Suggestion Box & Feedback' started by aurora40, Jul 13, 2012.

  1. aurora40

    aurora40 Android Enthusiast
    Thread Starter

    After the password breach/notification banner, I started to look a bit closer at things. When logging into AF, it is not over SSL (I'm sure the reason for that is money). But more than that, it POSTs the password in plain text. I believe vBulletin allows for sending MD5-hashed credentials instead, it may just need a configuration change.

    Granted this is still in plain text over the wire, but you are giving up more info with the unhashed password. Anyone with my password can also get the hash, and possibly can get other passwords/security questions/social-engineer more info about me. Anyone with the hash cannot reasonably get my password, they can only get access to AndroidForums as me.
     


    EarlyMon likes this.
  2. TVictory

    TVictory Well-Known Member


    Thank you. We are working out a solution for this.
     
    EarlyMon likes this.
Loading...

Share This Page

Loading...