
! Security Advisory - PZ1 !
Started by NodePoint
(2016-05-16 23:33:29)
NodePoint (2016-05-19 07:49:04)
^^ It could be seen as an announcement, but it is literally about the site, and this forum is more active than the announcement forum, so it would be most appropriate to have it up in this forum.
Pentester, web developer, artist, and tech enthusiast.
My site
wellsandlava (2016-05-20 10:03:25)
Why on earth do you guys not use encryption for storing the data? I ask this because of how you explained what an attacker could have access to.

This post has been edited one or more times, the last time was:
2016-05-20 10:04:06

This account is under a new owner
Leviathan (2016-05-20 10:19:37)
Given that I use different passwords for every website, the only thing they will be finding out is my IP address and my E-mail.


To be honest, I knew about this a long time ago and tried to tell people, but nobody listened. Someluigi acted like he did but never apparently did anything about it.
I'm an open book, there are few questions I won't answer honestly, no matter how embarrassing.
NodePoint (2016-05-20 10:23:46)
^ They would also have your password hash but for this site.
^^ The passwords are hashed, not encrypted (and they should not be encrypted).
Regardless, the authentication method used involves storing a cookie of the member ID and hashed password. This password cookie can have its hash easily replaced by something else. So that would be how one can get in once getting hold of such information.

Just be glad that the actual password (as in plaintext) cannot be obtained.

This post has been edited one or more times, the last time was:
2016-05-20 10:29:49

Pentester, web developer, artist, and tech enthusiast.
My site
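
The cookie scheme described in the post above, next to a session-token alternative, as an added example that is not part of the original thread or the site's own code. The user table, the function names, and the use of salted SHA-256 are assumptions for illustration; the thread does not say which hash the site uses.

```python
import hashlib, hmac, secrets

# Constructed sample data: one member row as it might sit in the users table.
USERS = {42: {"name": "alice",
              "pw_hash": hashlib.sha256(b"salt" + b"correct horse").hexdigest()}}
SESSIONS = {}  # sha256(token) -> member id, kept server-side only

def weak_cookie_login(cookie):
    """Scheme from the post: cookie = member id + stored password hash."""
    user = USERS.get(cookie.get("id"))
    # The stored hash itself is the credential, so a database leak is a login.
    return bool(user) and hmac.compare_digest(user["pw_hash"], cookie.get("pw", ""))

def issue_session(member_id):
    """Hardened: random token unrelated to the password; only its hash is stored."""
    token = secrets.token_urlsafe(32)
    SESSIONS[hashlib.sha256(token.encode()).hexdigest()] = member_id
    return token

def session_login(token):
    """Return the member id for a valid token, else None."""
    return SESSIONS.get(hashlib.sha256(token.encode()).hexdigest())

def revoke_sessions(member_id):
    """Call on password change or after a breach: old cookies stop working."""
    for key in [k for k, v in SESSIONS.items() if v == member_id]:
        del SESSIONS[key]

def demo():
    leaked_row = dict(USERS[42])                 # what a database dump exposes
    weak = weak_cookie_login({"id": 42, "pw": leaked_row["pw_hash"]})
    token = issue_session(42)
    leaked_sessions = list(SESSIONS)             # a dump exposes only token hashes
    replay = session_login(leaked_sessions[0])   # a stored hash is not a valid token
    valid = session_login(token)
    revoke_sessions(42)
    after_revoke = session_login(token)
    return weak, replay, valid, after_revoke

if __name__ == "__main__":
    print(demo())
```

In the weak scheme the only way to invalidate a leaked hash is for the member to change the password; with server-side sessions the operator can revoke every outstanding cookie at once.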
wellsandlava (2016-05-20 10:29:11)
Encryption... for other content stored, i.e. IP, e-mail, messages, private chats, etc. I'd hate for people to be able to read PMs from other people's relationships.
This account is under a new owner
NodePoint (2016-05-20 10:35:11)
^ They should not be online dating here anyway. Whoever does it would do it at their own risk.
Even if those were to be encrypted, they would still be able to be accessed if the user gains access to that user's account, which really is not hard once you get hold of the required information. (Assuming that the password would not be asked for beforehand and the actual value would not be stored in a cookie.)
Pentester, web developer, artist, and tech enthusiast.
My site
wellsandlava (2016-05-20 10:39:00)
"They should not be online dating here"

Why's that?

I do understand
This account is under a new owner
Leviathan (2016-05-20 13:35:52)
^ Because A. That's immature and stupid as . and B. We have it in the rules not to do so. And C. We're getting hacked, that's why people shouldn't have been online dating. I myself know for a fact that whoever decides to inject the website is getting a ton of child porn for Christmas.

This post has been edited one or more times, the last time was:
2016-05-20 13:36:15

I'm an open book, there are few questions I won't answer honestly, no matter how embarrassing.
wellsandlava (2016-05-20 21:14:20)
Lol
This account is under a new owner
XxFuzzballxX (2016-05-21 06:49:52)
Good to know. I had better change my password since it's been the same since I joined.
hi again
PopCorn (2016-05-23 17:45:02)
Thanks. I've been a plazian for a long time so I'm gonna change my password just in case. And again, thx for telling us.
Popcorn
Vectrex (2016-05-24 19:04:02)
Damn. Looks like I'mma change my password.
Discord: Luna#5707
Twitter: @LunaDook
TheLucarioKid (2016-05-29 14:24:13)
I use a temporary email address here, so the only thing users can get is my IP address.
Illuminati (2016-06-03 04:33:39)
trash
memes
CRIULISES (2016-06-04 06:33:57)
Don't worry men
Doneros Que No Engordan :v

This topic is closed, so you can not post a comment.

This topic's ID: 82592
