Bitcoin Forum
April 20, 2018, 01:22:44 AM *
News: Latest stable version of Bitcoin Core: 0.16.0  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Forum Login passwords not protected  (Read 959 times)
BitMofo
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
July 30, 2011, 06:33:03 PM
 #1

Hi,

On first attempt, passwords are secure, but if you get it wrong and login from loginattempt2, it is just straight http and easy to sniff!

1HNffyHktcD2iB6WJhPxKbALJdg4dwerTG
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1524187364
Hero Member
*
Offline Offline

Posts: 1524187364

View Profile Personal Message (Offline)

Ignore
1524187364
Reply with quote  #2

1524187364
Report to moderator
1524187364
Hero Member
*
Offline Offline

Posts: 1524187364

View Profile Personal Message (Offline)

Ignore
1524187364
Reply with quote  #2

1524187364
Report to moderator
TKHatch
Newbie
*
Offline Offline

Activity: 20
Merit: 0


View Profile
July 31, 2011, 09:31:54 AM
 #2

Smells fishy to me.
wumpus
Hero Member
*****
Offline Offline

Activity: 812
Merit: 1000

No Maps for These Territories


View Profile
July 31, 2011, 10:54:52 AM
 #3

Yup the forum sometimes bounces you to http without warning. Not only on login. This can be pretty dangerous if you're on a public network.

I don't think it's fishy, just some kind of misconfiguration.

Maybe this helps:
https://forum.bitcoin.org/?topic=2795.0

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
BitMofo
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
July 31, 2011, 12:58:14 PM
 #4

Yup the forum sometimes bounces you to http without warning. Not only on login. This can be pretty dangerous if you're on a public network.

I don't think it's fishy, just some kind of misconfiguration.

Maybe this helps:
https://forum.bitcoin.org/?topic=2795.0

Thanks for this =] I think I'll be switching back to firefox! Isn't anything like this for chrome is there?

1HNffyHktcD2iB6WJhPxKbALJdg4dwerTG
Exonumia
Full Member
***
Offline Offline

Activity: 190
Merit: 100



View Profile
July 31, 2011, 03:13:37 PM
 #5

Thanks for this =] I think I'll be switching back to firefox! Isn't anything like this for chrome is there?

I use KB SSL enforcer.

https://chrome.google.com/webstore/detail/flcpelgcagfhfoegekianiofphddckof
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2996
Merit: 2968


View Profile
July 31, 2011, 11:23:08 PM
 #6

Cookies aren't marked as secure, either, so just visiting forum.bitcoin.org once with HTTP is enough to allow someone to hijack your account. I use NoScript to force HTTPS here.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!