Larion Studios forum stores your passwords in unhashed plaintext. Don’t use a password there that you’ve used anywhere else.

  • @Miclux
    link
    English
    -131 year ago

    deleted by creator

      • @Miclux
        link
        English
        31 year ago

        Show me where the proof is that they STORE it plain text. This is just a screen of a mail after creating an account.

        • @Cabrio@lemmy.worldOP
          link
          fedilink
          English
          -7
          edit-2
          1 year ago

          They can’t send it if they haven’t stored it, that’s the proof. Whether temporary or not it’s a weakness and attack vector for obtaining unhashed passwords. And if they stored it, it should be immediately hashed at which point they can’t send it.

          • Rikudou_SageA
            link
            English
            81 year ago

            That… is not how it works. It is usually hashed and at the same time an email is sent. Meaning it’s not stored plaintext in any storage.

            • @redcalcium@lemmy.institute
              link
              fedilink
              English
              01 year ago

              Plenty of website did this… more than a decade ago, and even then plenty of security conscious people writing blogs and posting on social media begging devs to stop doing this.

            • @Cabrio@lemmy.worldOP
              link
              fedilink
              English
              -71 year ago

              You’ll forgive me for not trusting anyone who can tell me my password that isn’t me.

              • @Miclux
                link
                English
                31 year ago

                That’s a totally different statement than that in your post.

          • @towerful@programming.dev
            link
            fedilink
            English
            4
            edit-2
            1 year ago

            They can still send it while the value is in memory.
            But it’s unlikely that emails are sent synchronously. At which point, it has to be added to a job queue somewhere which might not be in memory.
            There is also the communication with that job queue, and logging along the way, and any email logging.
            Email isn’t secure, either.

            So, it bad practice regardless.

            Thankfully larian did address this, and fixed the issue as pointed out by another commenter.
            Addressed here, with the follow up of fixing it:
            https://forums.larian.com/ubbthreads.php?ubb=showflat&Number=669268#Post669268

            And that was back in 2020. 3 years ago.

          • voxel
            link
            fedilink
            English
            3
            edit-2
            1 year ago

            they can send it without storing. In fact a lot of websites (mostly small outdated forum systems) send your password to your email before storing it.

          • @Miclux
            link
            English
            21 year ago

            It’s so sad that you spread misinformation based on your inadequate knowledge.