wrathdelivery
Active Member
Joined: Aug 7, 2006
Messages: 52
I noticed that Vox client portal is not hashing passwords. I know this because requesting your password via the "forgot my password" feature emails you your existing password in the clear. Furthermore, individual service passwords (such as ADSL etc) are also shown in the clear in the portal.
This is obviously a fairly bad security design as anyone that obtains physical access to the password file or database can see everyone's passwords.
Anyone using their system should be sure to use a UNIQUE password and not reuse a password from any other service they use as a minimum to mitigate this weakness.
Vox, please address this security issue. I know it costs money, but when you get hacked and a clear text password database gets posted online the cost to your brand will be bigger.
ALL passwords should be stored hashed using a proper password-grade hashing algorithm. No system should EVER be able to show you a clear text version of your existing password and should ALWAYS use a reset mechanism to a NEW password should you forget your password.
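A sketch of the storage and reset design the post calls for, added here as an example (not code from Vox or from the poster): passwords are kept only as salted scrypt hashes, and a forgotten password is handled with a one-time, expiring reset token rather than by mailing the old password. The `Accounts` class, its in-memory tables, the scrypt cost parameters and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

# Assumed scrypt cost parameters for this sketch; tune them for your hardware.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)
RESET_TTL = 15 * 60  # seconds a reset token stays valid (assumed value)

def hash_password(password: str) -> str:
    """Return 'salt$hash' in hex. The clear-text password is never stored."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return salt.hex() + "$" + digest.hex()

def verify_password(password: str, stored: str) -> bool:
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex), **SCRYPT)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))  # constant-time compare

class Accounts:
    """In-memory stand-in for the user table (hypothetical schema)."""
    def __init__(self):
        self.pw = {}      # user -> 'salt$hash'
        self.resets = {}  # sha256(token) -> (user, expiry timestamp)

    def register(self, user, password):
        self.pw[user] = hash_password(password)

    def login(self, user, password):
        stored = self.pw.get(user)
        return stored is not None and verify_password(password, stored)

    def request_reset(self, user, now=None):
        """Return a one-time token to e-mail; only its hash is kept server-side."""
        if user not in self.pw:
            return None  # the user-facing response should look the same either way
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode()).hexdigest()
        expiry = (time.time() if now is None else now) + RESET_TTL
        self.resets[key] = (user, expiry)
        return token

    def complete_reset(self, token, new_password, now=None):
        key = hashlib.sha256(token.encode()).hexdigest()
        entry = self.resets.pop(key, None)  # single use: gone after the first attempt
        if entry is None or (time.time() if now is None else now) > entry[1]:
            return False
        self.pw[entry[0]] = hash_password(new_password)  # old password is replaced, never shown
        return True
```

Nothing in this design can return the existing password: a database dump yields only salts, scrypt digests and hashes of short-lived tokens.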