|
Gammae/Fame Dollars showing me my password over http
It's 2018, please - can affiliate programs start to tighten up their security? Why do you have my plaintext password stored anywhere? Why can I not access your website via https?
https://i.imgur.com/LLijtOH.png Crazy. |
And I just realized they truncated my password to 16 characters... =/
|
If you saw your password right after you signed up, it doesn't mean your password isn't hashed and stored.
Maybe be just showing $_POST data. |
Try the forgot password function. If your password is emailed to you it's stored plaintext. If it's reset to something else it suggests they most likely are only storing a hash.
|
When I tried last time, the old pass was emailed with "forgot password". And it was truncated.
So the OP is right I believe :-( - they store plaintext passes - truncate them, not allowing proper password strength - use plain HTTP, no encryption |
Quote:
It's not like I reuse passwords, but lax security here suggests lax security elsewhere. |
Thanks for pointing out the issues that we have with the cash program. While we have already moved our paysites over to an https model, we are currently in the process of finding a solution to improve the security and user-experience of our cash programs as well.
As soon as we launch improvements, we will make sure to let our affiliates know |
Bump for business :thumbsup
|
| All times are GMT -7. The time now is 04:26 PM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc