|
Post by hamilcarr on Jul 11, 2022 22:12:04 GMT
Hey guys , not a scambaiting topic , I didn't know where to put this , so I put it here:
the login page of the forum differentiates between a wrong password and wrong username. This could allow a malicious person to check for valid passwords a bit more easily , because the message indicating that a password is false imply that the username is correct. since the forum has thousands of users , a part of which may use a weak password , as well as the same username on multiple platforms , you can imagine the impact of a leak. I know most of the scammers you guys are baiting have the IQ of a drunk chimpanzee , but this doesn't mean you won't stumble on someone who is a bit more capable with a computer , that can use google , find this forum , and make a mess. I would suggest changing the error message to something more generic like "The credentials are not found" . Cheers
|
|
|
Post by Linoline on Jul 12, 2022 7:42:20 GMT
Thank you for bringing this to our attention!
|
|