this post was submitted on 18 Jul 2023
10 points (81.2% liked)

Discussions related to Infosec.pub

I tried logging in on browser and I had inspected the request. My password was sent in plaintext. Is this an infosec.pub issue or a Lemmy one?

[–] [email protected] 15 points 1 year ago (12 children)

The server needs to receive your password to verify it and log you in. That's how it always is. As long as you are connecting via HTTPS, this is not a problem.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (9 children)

Why not hash it client side? Edit: Isn't SSL vulnerable to MITM attacks? (I am a noob in this field)

[–] [email protected] 3 points 1 year ago (2 children)

Not the original commenter, but if someone is listening in on your connection, it doesn't really add any security. The hacker would be able to just send the hashed password instead of the plain text and would be able to log in.

The hashing algorithm would be public facing so it's easily reversible anyway.

[–] [email protected] 2 points 1 year ago

Oh okay, makes sense, thanks!

Why would the hash be reversible? SHA256 is public and it's not reversible.

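The replay point raised in the replies above, as an added example that is not part of the original thread and is not Lemmy's code: if the browser hashes the password and the server compares that value, the hash itself becomes the login secret, whereas a server that receives the secret over HTTPS and stores only a salted, slow hash keeps nothing that can be submitted as a login. The class names, user name, sample password and PBKDF2 iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value for this example)

def client_hash(password: str) -> str:
    """What a browser would put on the wire if it hashed before submitting."""
    return hashlib.sha256(password.encode()).hexdigest()

class NaiveServer:
    """Hypothetical server that stores the client-side hash and compares it directly."""
    def __init__(self):
        self.db = {}
    def register(self, user, submitted):
        self.db[user] = submitted
    def login(self, user, submitted):
        return hmac.compare_digest(self.db.get(user, ""), submitted)

class SaltedServer:
    """Hypothetical server that receives the secret over TLS and stores salt + KDF output."""
    def __init__(self):
        self.db = {}
    def _kdf(self, secret, salt):
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)
    def register(self, user, secret):
        salt = os.urandom(16)  # per-user random salt
        self.db[user] = (salt, self._kdf(secret, salt))
    def login(self, user, secret):
        if user not in self.db:
            return False
        salt, stored = self.db[user]
        return hmac.compare_digest(stored, self._kdf(secret, salt))

def demo():
    password = "correct horse battery staple"  # constructed sample password
    wire_value = client_hash(password)  # the value visible in the login request
    naive = NaiveServer()
    naive.register("alice", wire_value)
    salted = SaltedServer()
    salted.register("alice", password)
    _, stored = salted.db["alice"]
    return {
        # The observed hash logs in as-is; the password is never needed.
        "hash_replay_accepted": naive.login("alice", wire_value),
        # The naive database row is identical to the login secret.
        "naive_db_row_is_credential": naive.db["alice"] == wire_value,
        # The salted server's stored value is useless as a submitted secret.
        "stored_kdf_output_accepted": salted.login("alice", stored.hex()),
        "real_password_accepted": salted.login("alice", password),
    }
```
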