VB credentials sent in plain text?
- Thread starter Rubycon
- Start date
- Status
SunnyD
Belgian Waffler
I believe the actual password is hashed client side and the hash is sent, but yes, in the clear.
But honestly, if you're using the same password here you're using on your "important" personal accounts (banking, etc), you have bigger problems to worry about.
But honestly, if you're using the same password here you're using on your "important" personal accounts (banking, etc), you have bigger problems to worry about.
- Aug 10, 2005
- 17,768
- 485
- 126
Heck no! Matter of fact that really isn't allowed due to some international law but that's another thing altogether. This is a concern in an another direction.
Red Squirrel
No Lifer
I just sniffed and I can confirm there is some kind of client side hashing that goes on before it sends the password, and the hash value does not match the one for the cookie. Otherwise one could sniff that and just add their own cookie.
Crusty
Lifer
- Sep 30, 2001
- 12,684
- 2
- 81
If your web browser has javascript enabled you will use an MD5 hash on your password before you submit it, otherwise your password is sent in clear text.
Having either one is enough to gain access to to this site.
Red Squirrel
No Lifer
Actually yeah one could simply just submit the MD5 value in the proper POST field to log in.
- Status
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 24K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter