MyBB Community Forums

Full Version: Tabbed Menu (Labrocca) Vuln
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
One of my users just reported this to me via PM:


"Vega detected a form with a password input field that submits to an insecure (HTTP) target. Password values should never be sent in the clear across insecure channels. This vulnerability could result in unauthorized disclosure of passwords to passive network attackers. "


Is this vulnerable?
One of your users should stop using vulnerability scanners, especially considering they don't understand the output.

That's nothing to worry about and has nothing to do with the Tabbed Menu plugin. It simply means you aren't using TLS (https).
(2014-02-11, 12:37 AM)Nathan Malcolm Wrote: [ -> ]One of your users should stop using vulnerability scanners, especially considering they don't understand the output.

That's nothing to worry about and has nothing to do with the Tabbed Menu plugin. It simply means you aren't using TLS (https).

It leads back to a .js file for the Tabbed Menu plugin. Are you absolutely sure this can't be abused?
Positive. All it means is you're not using TLS. There's no vulnerability or anything you need to be worried about.