Solved Security Problem - emailing passwords

8 months 5 days ago #1 by WildLake
WildLake created the topic: Security Problem - emailing passwords
I'm pretty horrified that when I created an account on kunena, it emailed me my password. That's bad security on several levels. You should not be storing my password first of all (only a hash) and you should not be sending it over email, which is not secure. I noticed that this happens when users register for my kunena forum. Is there a way to turn that off on my end, and any plan to fix it on your end?

8 months 5 days ago #2 by 810
810 replied the topic: Security Problem - emailing passwords
We store only the hashed password; there is no other password stored elsewhere.

Please read: www.ostraining.com/blog/joomla/passwords-emails/

Your feedback on the JED helps us improve Kunena!

8 months 5 days ago #3 by WildLake
WildLake replied the topic: Security Problem - emailing passwords
Hashes can't be reversed to the original content (good hashes, anyway), so then how is it possible that you are emailing my password back to me? Or the people that register on my site?

8 months 5 days ago #4 by WolfgangOWL
WolfgangOWL replied the topic: Security Problem - emailing passwords

WildLake wrote: Hashes can't be reversed to the original content (good hashes, anyway), so then how is it possible that you are emailing my password back to me? Or the people that register on my site?


You are barking up the wrong tree. Kunena does not send the registration emails and therefore it does not send passwords. This is done by Joomla. If you don't want passwords sent to newly registered users, set "Send Password" in Joomla User Options to "No".

And Joomla does not reverse the stored (hashed) password. It simply sends the content of the password field which was filled in by the user with the registration email if "Send Password" is set to "Yes".
The following user(s) said Thank You: WildLake
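
The flow described in reply #4, as an added example that is not part of the thread and is not Joomla or Kunena code: the plaintext exists only in the submitted form during the registration request, the stored value is a hash, and a "Send Password"-style option decides whether the plaintext is copied into the outgoing mail. The function name, the `$users` and `$outbox` arrays, and the sample account are hypothetical.

```php
<?php
// Added illustration, not Joomla or Kunena code. All names are hypothetical.

/**
 * Handle one registration. $users stands in for the user table and $outbox
 * for the mail queue; $sendPassword models the "Send Password" option.
 */
function register_user(array $form, bool $sendPassword, array &$users, array &$outbox): void
{
    $plain = $form['password'];   // present only while this request is handled

    // Only the salted hash is persisted; the plaintext is never written to $users.
    $users[$form['username']] = password_hash($plain, PASSWORD_DEFAULT);

    $body = "Welcome, {$form['username']}. Your account has been created.";
    if ($sendPassword) {
        // The value comes from the submitted form field, not from the stored hash.
        $body .= " Password: {$plain}";
    }
    $outbox[] = ['to' => $form['email'], 'body' => $body];
}

// Constructed sample input.
$form = [
    'username' => 'alice',
    'email'    => 'alice@example.test',
    'password' => 'correct horse battery',
];

foreach ([true, false] as $sendPassword) {
    $users  = [];
    $outbox = [];
    register_user($form, $sendPassword, $users, $outbox);

    $stored = $users['alice'];
    $mail   = $outbox[0]['body'];

    printf("Send Password = %s\n", $sendPassword ? 'Yes' : 'No');
    printf("  stored value equals plaintext: %s\n",
        var_export($stored === $form['password'], true));
    printf("  stored hash verifies login:    %s\n",
        var_export(password_verify($form['password'], $stored), true));
    printf("  email body contains plaintext: %s\n",
        var_export(strpos($mail, $form['password']) !== false, true));
}
```

In both runs the stored value is a hash that still verifies the login; only the mail body differs, which is why the setting controls exposure of the password in transit and in mailboxes without changing what the database holds.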
