Solved Security Problem - emailing passwords

6 years 10 months ago #1 by WildLake
I'm pretty horrified that when I created an account on Kunena, it emailed me my password. That's bad security on several levels. You should not be storing my password first of all (only a hash) and you should not be sending it over email, which is not secure. I noticed that this happens when users register for my Kunena forum. Is there a way to turn that off on my end, and any plan to fix it on your end?

6 years 10 months ago #2 by 810
We store only the hashed password; there is no other password stored elsewhere.

Please read: www.ostraining.com/blog/joomla/passwords-emails/

6 years 10 months ago #3 by WildLake
Hashes can't be reversed to the original content (good hashes, anyway), so then how is it possible that you are emailing my password back to me? Or the people that register on my site?

6 years 10 months ago #4 by WolfgangOWL

WildLake wrote: Hashes can't be reversed to the original content (good hashes, anyway), so then how is it possible that you are emailing my password back to me? Or the people that register on my site?


You are barking up the wrong tree. Kunena does not send the registration emails and therefore it does not send passwords. This is done by Joomla. If you don't want passwords sent to newly registered users, set "Send Password" in Joomla User Options to "No".

And Joomla does not reverse the stored (hashed) password. It simply sends the content of the password field which was filled in by the user with the registration email if "Send Password" is set to "Yes".
The following user(s) said Thank You: WildLake
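
The behaviour described in the answer above, as an added sketch that is not part of the original thread and is not Joomla's or Kunena's code: the registration handler still holds the submitted form value while it builds the welcome e-mail, so it can include the password without ever reversing the stored hash. The names `register`, `check_login`, `stored_record_contains`, `USERS` and the `send_password` flag are hypothetical stand-ins for the "Send Password" option, and PBKDF2 is used here only as a convenient standard-library hash.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor chosen for this sketch
USERS = {}            # stands in for the users table: username -> (salt, hash)


def _hash(plain: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", plain.encode(), salt, ITERATIONS)


def register(username: str, form_password: str, send_password: bool) -> str:
    """Handle one registration request and return the welcome e-mail body."""
    salt = os.urandom(16)
    # Only the salt and the hash are persisted.
    USERS[username] = (salt, _hash(form_password, salt))

    body = f"Hello {username}, your account has been created.\n"
    if send_password:
        # The plaintext comes from the submitted form, which is still in
        # memory for this request. Nothing is read back from USERS.
        body += f"Password: {form_password}\n"
    return body


def check_login(username: str, attempt: str) -> bool:
    """Later logins re-hash the attempt and compare; no plaintext is needed."""
    salt, stored = USERS[username]
    return hmac.compare_digest(_hash(attempt, salt), stored)


def stored_record_contains(username: str, plaintext: str) -> bool:
    """True if the plaintext appears anywhere in what was persisted."""
    salt, stored = USERS[username]
    return plaintext.encode() in salt + stored


if __name__ == "__main__":
    pw = "constructed-sample-pw"  # constructed sample value
    print(register("alice", pw, send_password=True))   # e-mail carries the password
    print(register("bob", pw, send_password=False))    # e-mail omits it
    print(check_login("alice", pw), stored_record_contains("alice", pw))
```

With the flag off, the plaintext exists only for the duration of the registration request and never reaches a mailbox.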