NaN@lemmy.sdf.org to Programming@programming.dev • OP finds vulnerability where a forum sends you your password in plaintext over email and everyone misses the forest for the trees
8 · 1 year ago
An issue if you’re reusing passwords. If not, every “forgot my password” email is also vulnerable.
A combination of bad practices could be… bad.
Edit: apparently around the same time, their forum was also lacking HTTPS. This would be an even easier vector.
The one they were sending at registration was prior to hashing. It would not be reversible afterwards.