Passwords sent as plaintext? (infosec.pub)

submitted 1 year ago by iamak@infosec.pub to c/infosecpub@infosec.pub

23 comments fedilink hide all child comments

I tried logging in on browser and I had inspected the request. My password was sent in plaintext. Is this a infosec.pub issue or a Lemmy one?

you are viewing a single comment's thread
view the rest of the comments

[-] clb92@kbin.social 5 points 1 year ago

The server would never see a plain text version of your password.

As you realized in your edit already, this part is not correct. The server would always receive your password plaintext (when signing up and when logging in), but only store it hashed and salted.

permalink
fedilink
source
parent

this post was submitted on 18 Jul 2023

13 points (100.0% liked)

Discussions related to Infosec.pub

1128 readers

24 users here now

founded 1 year ago

MODERATORS

jerry@infosec.pub