Bitcoin Forum
February 22, 2017, 06:34:48 AM *
News: Latest stable version of Bitcoin Core: 0.13.2  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Forum Login passwords not protected  (Read 915 times)
BitMofo
Member
**
Offline Offline

Activity: 112


View Profile
July 30, 2011, 06:33:03 PM
 #1

Hi,

On first attempt, passwords are secure, but if you get it wrong and login from loginattempt2, it is just straight http and easy to sniff!

1HNffyHktcD2iB6WJhPxKbALJdg4dwerTG
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
TKHatch
Newbie
*
Offline Offline

Activity: 20


View Profile
July 31, 2011, 09:31:54 AM
 #2

Smells fishy to me.
wumpus
Hero Member
*****
Offline Offline

Activity: 798

No Maps for These Territories


View Profile
July 31, 2011, 10:54:52 AM
 #3

Yup the forum sometimes bounces you to http without warning. Not only on login. This can be pretty dangerous if you're on a public network.

I don't think it's fishy, just some kind of misconfiguration.

Maybe this helps:
https://forum.bitcoin.org/?topic=2795.0

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
BitMofo
Member
**
Offline Offline

Activity: 112


View Profile
July 31, 2011, 12:58:14 PM
 #4

Yup the forum sometimes bounces you to http without warning. Not only on login. This can be pretty dangerous if you're on a public network.

I don't think it's fishy, just some kind of misconfiguration.

Maybe this helps:
https://forum.bitcoin.org/?topic=2795.0

Thanks for this =] I think I'll be switching back to firefox! Isn't anything like this for chrome is there?

1HNffyHktcD2iB6WJhPxKbALJdg4dwerTG
Exonumia
Full Member
***
Offline Offline

Activity: 190



View Profile
July 31, 2011, 03:13:37 PM
 #5

Thanks for this =] I think I'll be switching back to firefox! Isn't anything like this for chrome is there?

I use KB SSL enforcer.

https://chrome.google.com/webstore/detail/flcpelgcagfhfoegekianiofphddckof
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2576


View Profile
July 31, 2011, 11:23:08 PM
 #6

Cookies aren't marked as secure, either, so just visiting forum.bitcoin.org once with HTTP is enough to allow someone to hijack your account. I use NoScript to force HTTPS here.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!