Comment on Larion Studios forum stores your passwords in unhashed plaintext.
jonne@infosec.pub 1 year ago
Sending your password right after you created it might not be best practice, but it doesn’t mean it’s stored unhashed in the database. It looks like they’re using a third party forum software, so it should be pretty straightforward to figure out whether they do or not.
AlmightySnoo@lemmy.world 1 year ago
Not really since it’s closed-source: www.ubbcentral.com
But they seem to have been in business since 1997, so I highly doubt that they’d fuck up the “never store passwords in plain text” rule.
jonne@infosec.pub 1 year ago
Yeah, I was looking it up, and when I saw they’ve been selling this forum software since 1997 I was less confident about passwords being hashed. They address it in their forums and they’re making it clear that the passwords are actually hashed, and they’re looking at migrating to other solutions regardless.
mosiacmango@lemm.ee 1 year ago
That thread is from 2020, where they said they fixed the password send issue.
Op, how old is ths image above?
Cabrio@lemmy.world 1 year ago
Image was taken immediately before posting, the issue, apparently, has since shown up again.