The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
#1
|
|||
|
|||
plain password in header request?
Hi,
I understand that vBulletin hashes the password client-side using javascript. However, when I look at the headers sent by the browser, the plain password is still there, next to the md5 hash. What the heck is going on here? I'm using the 'live http headers' firefox extension and it tells me that the bottom part of the headers read like: Code:
Content-Type: application/x-www-form-urlencoded Content-Length: 195 do=login&url=%2Fvbulletin%2F&vb_login_md5password=5d4e049c1dd1f28e22ac940fed008c2a&vb_login_md5password_utf=5d4e049c1dd1f28e22ac940fed008c2a&s=&vb_login_username=erikp&vb_login_password=mysupersecretpassword |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|