Larion Studios forum stores your passwords in unhashed plaintext. Don't use a password there that you've used anywhere else.
this post was submitted on 28 Sep 2023
323 points (75.7% liked)
Games
31987 readers
1543 users here now
Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.
Weekly Threads:
Rules:
-
Submissions have to be related to games
-
No bigotry or harassment, be civil
-
No excessive self-promotion
-
Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts
-
Mark Spoilers and NSFW
-
No linking to piracy
More information about the community rules can be found here.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Sending your password right after you created it might not be best practice, but it doesn't mean it's stored unhashed in the database. It looks like they're using a third party forum software, so it should be pretty straightforward to figure out whether they do or not.
Looks like they address it here: https://forums.larian.com/ubbthreads.php?ubb=showflat&Number=669268#Post669268
Not really since it's closed-source: https://www.ubbcentral.com/
But they seem to have been in business since 1997, so I highly doubt that they'd fuck up the "never store passwords in plain text" rule.
Yeah, I was looking it up, and when I saw they've been selling this forum software since 1997 I was less confident about passwords being hashed. They address it in their forums and they're making it clear that the passwords are actually hashed, and they're looking at migrating to other solutions regardless.
That thread is from 2020, where they said they fixed the password send issue.
Op, how old is ths image above?
Image was taken immediately before posting. The issue, apparently, has since shown up again.