Toby could be at risk

When a new name and password is entered in a form and the form is submitted, the browser asks if the password should be saved. Thereafter when the form is displayed, the name and password are filled in automatically or are completed as the name is entered. An attacker with local access could obtain the cleartext password from the browser cache.

This vulnerability affects /member.php/1004277-Toby.

The impact of this vulnerability
Possible sensitive information disclosure

Password type input named vb_login_password from form with ID navbar_loginform with action login.php?do=login has autocomplete enabled.

How to fix this vulnerability
The password autocomplete should be disabled in sensitive applications.

To disable autocomplete, you may use a code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">

 

Nae bawhair Joe

 

it seems you are at risk aswell peter.

 

wtf is this tripe

 

Whats life if you don't take a few risks now and again

 

User credentials are not encrypted when they are transmitted.
This vulnerability affects /member.php/873-UserName1882 (GET ).

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

It seems that user credentials are sent to /login.php in clear text.

Because user credentials usually are considered sensitive information, it is recommended to be sent to the server over an encrypted connection.

 

i understand all of this

 

Those pesky third parties

 

have a day off ed

 

Is that how my harmless picture of a bling pigeon on Eriks wall, turned into someone frantically beating themselves off?

 

eddieveee, you're one seriously boring knacker.

please log in to view this image

Refer to part 1

 

So you think you're a hacker too eddieeee? Deluded little ****

 

So much hatred.

Where's the love Toby?