2019-09-20, 11:26 AM
2019-09-20, 01:10 PM
Have alook at the the following files and lines for the password being encrypted and salted.
./inc/functionss_user.php:
Line 172:
Line 209:
./inc\datahandlers/user.php
Here you can find several password functions verify, generating.
To make the password really plaintext, remove md5 functions and mind the salt.
[ExiTuS]
./inc/functionss_user.php:
Line 172:
Line 209:
./inc\datahandlers/user.php
Here you can find several password functions verify, generating.
To make the password really plaintext, remove md5 functions and mind the salt.
[ExiTuS]
2019-09-20, 01:47 PM
(2019-09-20, 11:26 AM)Theorie Wrote: [ -> ]Is there a way to change the mybb password algorithm make plaintext?
That's a terrible idea. Passwords should never, ever be stored in plaintext. Never ever ever.
2019-09-20, 02:00 PM
i know but we are like 50 players not much
2019-09-21, 06:42 AM
That's a really sketchy thing to do... What are your intentions?
2019-09-21, 08:03 AM
(2019-09-20, 02:00 PM)Theorie Wrote: [ -> ]i know but we are like 50 players not much
Don’t care if it’s just you and your mother; you do not make passwords plaintext.
Users are stupid. They re-use passwords. You get breached, those passwords are now out in the open.
2019-09-22, 10:34 PM
(2019-09-20, 02:00 PM)Theorie Wrote: [ -> ]i know but we are like 50 players not much
Let's say there are two players, you and your friend. Your passwords are stored in plaintext and your friend uses the same password for his online bank. The hacker transfers all his money out of his account and now your friend can't afford to pay his rent or buy food.
Actions have consequences.