vb.org Archive


erikp 02-12-2008 08:42 AM

plain password in header request?
 
Hi,

I understand that vBulletin hashes the password client-side using JavaScript. However, when I look at the headers sent by the browser, the plain password is still there, next to the md5 hash. What the heck is going on here?

I'm using the 'Live HTTP Headers' Firefox extension and it tells me that the bottom part of the headers reads like:
Code:

Content-Type: application/x-www-form-urlencoded
Content-Length: 195
do=login&url=%2Fvbulletin%2F&vb_login_md5password=5d4e049c1dd1f28e22ac940fed008c2a&vb_login_md5password_utf=5d4e049c1dd1f28e22ac940fed008c2a&s=&vb_login_username=erikp&vb_login_password=mysupersecretpassword

I need *some* kind of encryption, and since SSL also seems to be a problem, I'm kind of wondering what's going on..

Dismounted 02-12-2008 09:06 AM

Either you've modified that part of the template, you've modified the JavaScript that goes behind it, or the browser is just doing something wonky (trust me, it happens). Clear your cookies/cache and see if it still happens.

The likelihood of someone actually peering into your data is pretty unlikely.

erikp 02-12-2008 09:21 AM

I did modify some templates but I don't think I modified the login template.. do you know where I can find that part?

I've cleared the cookies, cache, tried IE as well. I didn't touch the JavaScript at all...

I looked at what's going on in the md5hash function that is called on submit, and it looks like this:

Code:

function md5hash(input, output_html, output_utf, skip_empty)
{

  (..)

    if (!skip_empty)
    {
      // implemented like this to make sure un-updated templates behave as before
      input.value = '';
    }
  }

  return true;
}

I checked the skip_empty boolean and it has the value true... what would that mean?
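
The following is an added example, not part of the thread and not vBulletin's own code. It models only the `skip_empty` branch visible in the posted function and audits the resulting form body for a populated plaintext field; `submitLogin`, `auditLoginBody`, the stand-in hash function and the sample values are assumptions made for the illustration.

```javascript
// Added example; models only the branch of md5hash() shown in the post.
// hashFn is a stand-in for the elided hashing step (assumption).
function submitLogin(fields, skipEmpty, hashFn) {
  const form = { ...fields };
  form.vb_login_md5password = hashFn(form.vb_login_password);
  form.vb_login_md5password_utf = hashFn(form.vb_login_password);
  if (!skipEmpty) {
    // The clearing step from the posted code: runs only when skip_empty is falsy.
    form.vb_login_password = '';
  }
  return new URLSearchParams(form).toString();
}

// Audit a captured application/x-www-form-urlencoded login body.
function auditLoginBody(body) {
  const params = new URLSearchParams(body);
  const findings = [];
  const plain = params.get('vb_login_password');
  if (plain !== null && plain !== '') {
    findings.push('vb_login_password is populated: plaintext password on the wire');
  }
  for (const name of ['vb_login_md5password', 'vb_login_md5password_utf']) {
    const value = params.get(name) || '';
    if (!/^[0-9a-f]{32}$/.test(value)) {
      findings.push(name + ' is missing or not a 32-digit hex MD5 value');
    }
  }
  return findings;
}

// Constructed sample input, using the field names from the captured request.
const sampleFields = {
  do: 'login',
  url: '/vbulletin/',
  s: '',
  vb_login_username: 'exampleuser',
  vb_login_password: 'constructed-password',
};
// Constructed placeholder digest, not a real MD5 of the sample password.
const placeholderHash = () => '0123456789abcdef0123456789abcdef';

for (const skipEmpty of [true, false]) {
  const body = submitLogin(sampleFields, skipEmpty, placeholderHash);
  console.log('skip_empty=' + skipEmpty, auditLoginBody(body));
}
```

With `skip_empty` true the audit reports the populated `vb_login_password` field, matching the request captured in the first post; with it false the field is submitted empty and the audit returns no findings.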

