Massive Afrihost security flaw exposed

[Rickster]

Great suggestion. The feature to lock in CLIDs in ClientZone rolled out last night. Go check it out.

Has this been pulled? I saw it this afternoon but now its not there.

 

[AfriFella]

Has this been pulled? I saw it this afternoon but now its not there.

It's being rolled out in batches. Try logging out and back in again. If you still don't see it, let me know and I'll query it with our developers.

 

[AfriFella]

This. I hope our details are really well taken care of

It definitely is. Please see my response here.

 

[GraemeT]

My company lost hundreds of emails not received on 26 March (although the senders received successful delivery reports). Could this be related?!! Anyway, despite the seriousness of the issue, no joy or urgency from Afrihost thus far. I am sure they are hoping this will just be quietly swept under the rug. Did anyone else experience lost mails?
Can you guess how many unhappy people there would be in your company if hundreds of emails are sent to you and none received, with the senders getting nice but incorrect successful delivery reports!!!

 

[mercurial]

First...

We also don't store passwords in plain text. These are always encrypted.

My one and only question is, can your support staff decrypt the password for a clients adsl account?

Then...

They could in the past, and we always tried to balance the needs of our clients with security. We've since removed that and our agents cannot view or change passwords (as far as I am aware).

Our passwords have always been encrypted. We have never stored passwords in plain text. Please check out our response to the Fin24 article here.

So, what is it?

 

[ToxicBunny]

First...





Then...





So, what is it?

They're encrypted, but its easily decryptable... or was... (not sure of the current standing in the back end systems obviously)