Bitcoin Forum
December 03, 2016, 09:58:05 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Forum Login passwords not protected  (Read 886 times)
BitMofo
Member
**
Offline Offline

Activity: 112


View Profile
July 30, 2011, 06:33:03 PM
 #1

Hi,

On first attempt, passwords are secure, but if you get it wrong and login from loginattempt2, it is just straight http and easy to sniff!

1HNffyHktcD2iB6WJhPxKbALJdg4dwerTG
1480759085
Hero Member
*
Offline Offline

Posts: 1480759085

View Profile Personal Message (Offline)

Ignore
1480759085
Reply with quote  #2

1480759085
Report to moderator
1480759085
Hero Member
*
Offline Offline

Posts: 1480759085

View Profile Personal Message (Offline)

Ignore
1480759085
Reply with quote  #2

1480759085
Report to moderator
1480759085
Hero Member
*
Offline Offline

Posts: 1480759085

View Profile Personal Message (Offline)

Ignore
1480759085
Reply with quote  #2

1480759085
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
TKHatch
Newbie
*
Offline Offline

Activity: 20


View Profile
July 31, 2011, 09:31:54 AM
 #2

Smells fishy to me.
wumpus
Hero Member
*****
Offline Offline

Activity: 798

No Maps for These Territories


View Profile
July 31, 2011, 10:54:52 AM
 #3

Yup the forum sometimes bounces you to http without warning. Not only on login. This can be pretty dangerous if you're on a public network.

I don't think it's fishy, just some kind of misconfiguration.

Maybe this helps:
https://forum.bitcoin.org/?topic=2795.0

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
BitMofo
Member
**
Offline Offline

Activity: 112


View Profile
July 31, 2011, 12:58:14 PM
 #4

Yup the forum sometimes bounces you to http without warning. Not only on login. This can be pretty dangerous if you're on a public network.

I don't think it's fishy, just some kind of misconfiguration.

Maybe this helps:
https://forum.bitcoin.org/?topic=2795.0

Thanks for this =] I think I'll be switching back to firefox! Isn't anything like this for chrome is there?

1HNffyHktcD2iB6WJhPxKbALJdg4dwerTG
Exonumia
Full Member
***
Offline Offline

Activity: 190



View Profile
July 31, 2011, 03:13:37 PM
 #5

Thanks for this =] I think I'll be switching back to firefox! Isn't anything like this for chrome is there?

I use KB SSL enforcer.

https://chrome.google.com/webstore/detail/flcpelgcagfhfoegekianiofphddckof
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2492


View Profile
July 31, 2011, 11:23:08 PM
 #6

Cookies aren't marked as secure, either, so just visiting forum.bitcoin.org once with HTTP is enough to allow someone to hijack your account. I use NoScript to force HTTPS here.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!