The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
plain password in header request?
Hi,
I understand that vBulletin hashes the password client-side using javascript. However, when I look at the headers sent by the browser, the plain password is still there, next to the md5 hash. What the heck is going on here? I'm using the 'live http headers' firefox extension and it tells me that the bottom part of the headers read like: Code:
Content-Type: application/x-www-form-urlencoded Content-Length: 195 do=login&url=%2Fvbulletin%2F&vb_login_md5password=5d4e049c1dd1f28e22ac940fed008c2a&vb_login_md5password_utf=5d4e049c1dd1f28e22ac940fed008c2a&s=&vb_login_username=erikp&vb_login_password=mysupersecretpassword |
#2
|
||||
|
||||
Either, you've modified that part of the template, you've modified the JavaScript that goes behind it, or just that the browser is doing something wonky (trust me, it happens). Clear your cookies/cache and see if it still happens.
The likelyhood of someone actually peering into your data is pretty unlikely. |
#3
|
|||
|
|||
I did modify some templates but I don't think I modified the login template.. do you know where I can find that part?
I've cleared the cookies, cache, tried IE as well. I didn't touch the javascript at all... I looked what's going on in the md5hash function that is called on submit, and it looks like this: Code:
function md5hash(input, output_html, output_utf, skip_empty) { (..) if (!skip_empty) { // implemented like this to make sure un-updated templates behave as before input.value = ''; } } return true; } |
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|