BMW 1-Series Forum (F20) 135i - 1Addicts.com - View Single Post

The Wind Breezes · 08-27-2017, 10:05 PM

You're right. I just performed a packet capture of the site and login credentials are sent in plaintext although the username is hashed to md5. Not so good, and worse, it's hash WITHOUT A SALT! So it would be really easy to decode most user's passwords if you could grab their traffic. Or someone could insert their own page.

08-27-2017, 10:05 PM	#2
The Wind Breezes Lieutenant Colonel 912 Rep 1,850 Posts Drives: 135i N55 DCT Join Date: Apr 2015 Location: USA iTrader: (0)	You're right. I just performed a packet capture of the site and login credentials are sent in plaintext although the username is hashed to md5. Not so good, and worse, it's hash WITHOUT A SALT! So it would be really easy to decode most user's passwords if you could grab their traffic. Or someone could insert their own page.
	Appreciate 1 F32Fleet3571.50 Quote