Password Reset Link In Email Opens An Insecure Page

1 reply to this topic

#1 Pilot McPilot

    Rookie

  • 1 posts

Posted 20 April 2013 - 06:30 AM

I just had to reset my password and noticed that the reset link that is sent via email directs you to a page which is accessed over HTTP, not HTTPS.

This means that when you submit your new password, you are sending it in plaintext. This is bad.

Simply changing the URL in the address bar to use HTTPS works fine. But this shouldn't need to be done. It should direct you to a secure page in the first place.

I just thought I'd better let you guys know.

Thanks.

#2 3ffigy

    Member

  • Bad Company
  • 150 posts

Posted 05 May 2013 - 08:21 PM

The first issue here is that the email should have had https in the included URL, the second is that the page should have detected that the user visited it via http and either instructed the user to go to or auto-redirected to the secure page. So support will need to check the email being sent out as well.
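
The two fixes named in the reply above, sketched as an added example that is not part of the original thread or the forum's own code: the e-mailed link is built with a fixed `https` scheme, and a WSGI middleware keeps plain-HTTP requests away from the reset page. The host name, `reset_app` and `simulate` are hypothetical stand-ins, and the requests are constructed.

```python
from urllib.parse import urlencode

SITE_HOST = "forum.example.com"  # assumption: placeholder for the site's canonical host
HSTS = ("Strict-Transport-Security", "max-age=31536000")

def build_reset_link(token, host=SITE_HOST):
    """URL for the reset e-mail. The scheme is fixed, never copied from a request."""
    return "https://%s/reset?%s" % (host, urlencode({"token": token}))

class RequireHTTPS:
    """WSGI middleware: plain-HTTP requests never reach the wrapped app."""

    def __init__(self, app, host=SITE_HOST):
        self.app, self.host = app, host

    def __call__(self, environ, start_response):
        # Assumes the server (or a trusted proxy layer) sets wsgi.url_scheme correctly.
        if environ.get("wsgi.url_scheme") == "https":
            def with_hsts(status, headers, exc_info=None):
                return start_response(status, list(headers) + [HSTS], exc_info)
            return self.app(environ, with_hsts)
        if environ.get("REQUEST_METHOD", "GET") in ("GET", "HEAD"):
            # Redirect to the configured host, not the client-supplied Host header.
            target = "https://%s%s" % (self.host, environ.get("PATH_INFO") or "/")
            if environ.get("QUERY_STRING"):
                target += "?" + environ["QUERY_STRING"]
            start_response("301 Moved Permanently", [("Location", target), ("Content-Length", "0")])
            return [b""]
        # A form posted over HTTP already crossed the network in clear text: refuse, don't redirect.
        body = b"This form must be submitted over HTTPS.\n"
        start_response("403 Forbidden", [("Content-Type", "text/plain"), ("Content-Length", str(len(body)))])
        return [body]

def reset_app(environ, start_response):
    """Hypothetical stand-in for the forum's reset page."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"reset form"]

def simulate(method, scheme, path="/reset", query="token=abc"):
    """Drive the middleware with a constructed request; returns (status, headers, body)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    env = {"REQUEST_METHOD": method, "wsgi.url_scheme": scheme, "PATH_INFO": path, "QUERY_STRING": query}
    body = b"".join(RequireHTTPS(reset_app)(env, start_response))
    return seen["status"], seen["headers"], body
```

The redirect covers only the page load; a password already posted over HTTP is refused rather than redirected, since forwarding it would hide the fact that it was exposed.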