Shocking discovery after installation

James Murphy Posted in Technical Support 8 years ago

Hello guys, I just installed OSSN for the first time and guess what my password is showing up on the login page. It is in stars but can be copied, please help me to fix this.

Replies
German Michael Zülsdorff Replied 8 years ago

> WOW...........

> HUUUUGE VULNERABILITY.

It would be helpful if you could provide your browser brand and settings instead.
Please, read the forum terms (again) you agreed to - especially how to report a bug.

As Arsalan already stated, Ossn delivers a completely empty form with the login page. And if your browser gets it somehow managed to remember what has been typed in - disable that mechanism.

us Mike Giller Replied 8 years ago

You guys need to fix that. Its saving the field data at the sign up. As Arsalan said, After you clear the cache its gone but you have to know to do that or else anyone with access to your browser can steal the password. INC THE ADMIN PASS

us Mike Giller Replied 8 years ago

Text box inputs that are type="password" should not be able to be copied.

the designers either did not set this or their code is broken.

WOW...........

us Mike Giller Replied 8 years ago

Nope. It is a for sure Bug.

After you log out, your credentials are left in the username and password box.
The password field uses the password chars to hide it but if you just copy the password field and paste it in anywhere you can see the password.

HUUUUGE VULNERABILITY.

Indonesian Arsalan Shah Replied 8 years ago

It seems your browser have some issues, try to use chrome/firefox and clear all of data history on it. OSSN didn't show passwords to anyone, in fact, the passwords stored in OSSN system isn't readable by anyone even site owner its encrypted and can not be decrypted. So please change your browser.