
Feedback, Complaints or Problems

Please encrypt our login passwords
enigmatics posted on May 24, 2017 10:37:43 PM

I recently forgot my password for ch, so I used my email to retrieve it.
But I also noticed CH told me the ORIGINAL PASSWORD that I forgot, which means the password is not encrypted (or symmetrically encrypted) in the website database.

Although CH uses HTTPS to secure the connection, storing passwords in plain text is generally considered a serious threat to user security, as nobody - including the users themselves and administrators - should be able to look them up.

Unencrypted or symmetrically encrypted passwords are not the way to run a modern website. It imposes an unnecessary threat to a user, as people tend to share their password between different websites.

Please implement encryption on the password column of the user table in your database. Password retrieval could be, perhaps should be, replaced by 'password reset' functionality. I love CH and I want it secure. Nobody would like to see mistakes like Adobe has made before repeated.
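The change requested in the post above, storing only a salted one-way hash and replacing password retrieval with a one-time reset token, as an added example that is not part of the original post or the site's own code. The in-memory tables, function names, PBKDF2 iteration count and token lifetime are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 600_000      # PBKDF2-HMAC-SHA256 work factor (assumed value)
RESET_TTL = 15 * 60       # reset token lifetime in seconds (assumed value)

users = {}    # alias -> {"salt", "iters", "hash"}; stand-in for the user table
resets = {}   # sha256(token) -> (alias, expiry); stand-in for a reset table

def _derive(password, salt, iters):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iters)

def set_password(alias, password):
    """Store a per-user random salt and the derived hash, never the password."""
    salt = secrets.token_bytes(16)
    users[alias] = {"salt": salt, "iters": ITERATIONS,
                    "hash": _derive(password, salt, ITERATIONS)}

def verify_password(alias, password):
    """Re-derive with the stored salt and compare in constant time."""
    rec = users.get(alias)
    if rec is None:
        return False
    candidate = _derive(password, rec["salt"], rec["iters"])
    return hmac.compare_digest(rec["hash"], candidate)

def start_reset(alias, now=None):
    """Return a one-time token to e-mail to the user; only its hash is kept."""
    if alias not in users:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    key = hashlib.sha256(token.encode()).hexdigest()
    resets[key] = (alias, now + RESET_TTL)
    return token

def finish_reset(token, new_password, now=None):
    """Consume the token (single use) and set a new password if not expired."""
    now = time.time() if now is None else now
    key = hashlib.sha256(token.encode()).hexdigest()
    entry = resets.pop(key, None)
    if entry is None or now > entry[1]:
        return False
    set_password(entry[0], new_password)
    return True
```

With this layout a forgotten password can only be replaced, never read back, and a copy of either table yields neither passwords nor usable reset tokens.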

PWizard posted on May 25, 2017 6:49:22 AM

This will be done eventually. Right now we utilize this information to help users that have lost their email, alias and other information that would basically cause them to have to re-purchase a membership. This is not a banking or other highly secure website. We do not store real names, any financial data, birthdates, etc. Only alias, email and password. We have 3 very restrictive firewalls, one being hardware and two being software to protect our web application. The entire site utilizes SSL as well as HSTS. The storing of passwords in plain text poses no threat to your online security if you utilize separate passwords for each website or application like you should be doing. There have been BILLIONS of user accounts compromised from huge organizations like Yahoo, Target, ebay, Home Depot, PSN, etc. (Link). Except in these cases, criminals didn't get away with passwords, they got real names, birthdates, social security numbers, credit card numbers and a ton of other information that could be used to steal a person's entire identity. I remember one hack of like 500 MILLION accounts that kept everything in clear text, but at least the password was encrypted! Personally I would rather have my password leaked than ALL of my personal details like birthdate and social security number. I can change my password, I can't change that other stuff. If you are uncomfortable with our current security practices, I will be happy to delete your account along with all traces of it.
All times are (GMT -06:00) Central Time (US & Canada).