Discussions related to Infosec.pub

1256 readers

1 users here now

founded 2 years ago

MODERATORS

jerry

Passwords sent as plaintext? (self.infosecpub)

submitted 2 years ago by iamak to c/infosecpub

20 comments fedilink hide all child comments

I tried logging in on browser and I had inspected the request. My password was sent in plaintext. Is this a infosec.pub issue or a Lemmy one?

you are viewing a single comment's thread
view the rest of the comments

[–] clb92@kbin.social 15 points 2 years ago (12 children)

The server needs to receive your password to verify it and log you it. That's how it always is. As long as you are connecting via HTTPS, this is not a problem.

permalink
fedilink
source
hideshow 15 child comments

[–] iamak 3 points 2 years ago* (last edited 2 years ago) (9 children)

Why not hash it client side? Edit: Isn't SSL vulnerable to MITM attacks? (I am a noob in this field)

permalink
fedilink
source
parent
hideshow 11 child comments

load more comments (7 replies)

load more comments (9 replies)