×
Kunena 5.1 Released (13 May 2018)

The Kunena team is pleased to announce Kunena 5.1.0 [K 5.1.0].
Please read the blog post for information: www.kunena.org/blog/192-kunena-5-1-released

× This category is for general discussion about the Kunena Project or this website.

Please use other categories for questions about problems that you may be having with your website.

Solved Security Problem - emailing passwords

More
11 months 1 week ago #1 by WildLake
I'm pretty horrified that when I created an account on kunena, it emailed me my password. That's bad security on several levels. You should not be storing my password first of all (only a hash) and you should not be sending it over email, which is not secure. I noticed that this happens when users register for my kunena forum. Is there a way to turn that off on my end, and any plan to fix it on your end?

Please Log in or Create an account to join the conversation.

More
11 months 1 week ago #2 by 810
We store only hashed password, there is no other password stored elsewhere.

Please read: www.ostraining.com/blog/joomla/passwords-emails/

Please Log in or Create an account to join the conversation.

More
11 months 1 week ago #3 by WildLake
Hashes can't be reversed to the original content (good hashes, anyway), so then how is it possible that you are emailing my password back to me? Or the people that register on my site?

Please Log in or Create an account to join the conversation.

More
11 months 1 week ago #4 by WolfgangOWL

WildLake wrote: Hashes can't be reversed to the original content (good hashes, anyway), so then how is it possible that you are emailing my password back to me? Or the people that register on my site?


You are barking the wrong tree. Kunena does not send the registration emails and therefore it does not send passwords. This is done by Joomla. If you don't want passwords sent to newly registered users set "Send Password" in Joomla User Options to "No".

And Joomla does not reverse the stored (hashed) password. It simply sends the content of the password field which was filled in by the user with the registration email if "Send Password" is set to "Yes".
The following user(s) said Thank You: WildLake

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to add attachements.
  • Not Allowed: to edit your message.
Time to create page: 0.089 seconds