Bitcoin Forum
May 13, 2024, 07:51:52 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Other > Meta > Forum Login passwords not protected
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: Forum Login passwords not protected  (Read 1062 times)
BitMofo (OP)
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
July 30, 2011, 06:33:03 PM
 #1
Hi,

On first attempt, passwords are secure, but if you get it wrong and login from loginattempt2, it is just straight http and easy to sniff!
1HNffyHktcD2iB6WJhPxKbALJdg4dwerTG
"The nature of Bitcoin is such that once version 0.1 was released, the core design was set in stone for the rest of its lifetime." -- Satoshi
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1715586712
Hero Member
*
Offline Offline

Posts: 1715586712

View Profile Personal Message (Offline)

Ignore
1715586712
1715586712
Reply with quote  #2
1715586712
Report to moderator
1715586712
Hero Member
*
Offline Offline

Posts: 1715586712

View Profile Personal Message (Offline)

Ignore
1715586712
1715586712
Reply with quote  #2
1715586712
Report to moderator
TKHatch
Newbie
*
Offline Offline

Activity: 19
Merit: 0


View Profile
July 31, 2011, 09:31:54 AM
 #2
Smells fishy to me.
wumpus
Hero Member
*****
Offline Offline

Activity: 812
Merit: 1022

No Maps for These Territories


View Profile
July 31, 2011, 10:54:52 AM
 #3
Yup the forum sometimes bounces you to http without warning. Not only on login. This can be pretty dangerous if you're on a public network.

I don't think it's fishy, just some kind of misconfiguration.

Maybe this helps:
https://forum.bitcoin.org/?topic=2795.0
Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
BitMofo (OP)
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
July 31, 2011, 12:58:14 PM
 #4
Quote from: John Smith on July 31, 2011, 10:54:52 AM
Yup the forum sometimes bounces you to http without warning. Not only on login. This can be pretty dangerous if you're on a public network.

I don't think it's fishy, just some kind of misconfiguration.

Maybe this helps:
https://forum.bitcoin.org/?topic=2795.0

Thanks for this =] I think I'll be switching back to firefox! Isn't anything like this for chrome is there?
1HNffyHktcD2iB6WJhPxKbALJdg4dwerTG
Exonumia
Full Member
***
Offline Offline

Activity: 189
Merit: 101



View Profile
July 31, 2011, 03:13:37 PM
 #5
Quote from: BitMofo on July 31, 2011, 12:58:14 PM
Thanks for this =] I think I'll be switching back to firefox! Isn't anything like this for chrome is there?

I use KB SSL enforcer.

https://chrome.google.com/webstore/detail/flcpelgcagfhfoegekianiofphddckof
theymos
Administrator
Legendary
*
Offline Offline

Activity: 5194
Merit: 12983


View Profile
July 31, 2011, 11:23:08 PM
 #6
Cookies aren't marked as secure, either, so just visiting forum.bitcoin.org once with HTTP is enough to allow someone to hijack your account. I use NoScript to force HTTPS here.
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Pages: [1]
  Print  
Bitcoin Forum > Other > Meta > Forum Login passwords not protected
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!