Bluelight

Thread: HTTPS login issues; possible security breaches

    #1
    When connecting through HTTPS to BL, there are some... issues, whereby it doesn't recognize the password when username/PWD are inputted, using the login panel at the upper right corner of the screen. Not only that, but it also displays the password in plaintext, so I KNOW that the password has been correctly entered.

    The result is a failed login and being taken to a screen where it informs the user they have used 1/5 attempts to log in within a period of time, and a username/pwd entry panel. Entering them here works.

    This is concerning, given that if someone were to be sniffing the wire, they could capture and compare plaintext vs encrypted data amounting to the same, the plaintext failing to work, but that the same data, as a hash etc., could be mapped onto the plaintext from the working encrypted version, possibly.

    If nothing else then it is at best a real pain in the arse. Only happens when making an HTTPS connection to the site, not via HTTP or bluelight.org without specifying.

    #2
    Moderator, Current Events & Politics
    Join Date: Oct 2012
    Posts: 4,521

    What do you mean by "displays the password as plaintext"? Do you mean it sends it over the wire as plaintext?

    I don't know if this applies here, but I do know that most forum software, even if it's not over HTTPS, will encrypt the password client-side with JavaScript before transmitting. If that's not happening with the top right hand login, that might be why it's having problems.

    I'm not in charge of anything, I'm just curious. Could you explain in greater detail what you're referring to exactly?