Larion Studios forum stores your passwords in unhashed plaintext. Don't use a password there that you've used anywhere else.
this post was submitted on 28 Sep 2023
323 points (75.7% liked)
Games
32918 readers
1860 users here now
Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.
Weekly Threads:
Rules:
-
Submissions have to be related to games
-
No bigotry or harassment, be civil
-
No excessive self-promotion
-
Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts
-
Mark Spoilers and NSFW
-
No linking to piracy
More information about the community rules can be found here.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Maybe I'm misunderstanding you, but backend servers will almost always have the user-submitted password in plaintext as a variable, accessible to the backend server and any upstream proxies.
It's even how it's done in Lemmy. The bcrypt verify accepts the plaintext password and the expected salted hash.
Yes, which is why they're vulnerable to mitm and local sniffer attacks.
Have you found a mitm attack on TLS?
I haven't looked into it but I was wondering about the logistics of setting up a federated honeypot for server side stream sniffing to build a plaintext email/password database.