WingNews logo WingNews
top | item 40918547

(no title)

ftrobro | 1 year ago

Don't most websites send passwords in plaintext for login and rely on the connection being HTTPS for having any security at all? I don't like that, but seems to be very common, so I'm not surprised about the plaintext part of this article. But that the passwords are at all sent to a server, that did surprise me, good to know.

discuss

order

sofixa|1 year ago

Plaintext can mean a few things - encrypted in transit using an HTTPS connection means it's no longer plaintext.

abadpoli|1 year ago

The article and source material are light on details here. My guess is that it is using HTTPS, but the researchers saw the plaintext password in the request and assumed “password in plaintext always bad”.

If the app isn’t using HTTPS, then the story would be much bigger than just the password being plaintext.