I just had to reset my password and noticed that the reset link that is sent via email directs you to a page which is accessed over HTTP, not HTTPS.
This means that when you submit your new password, you are sending it in plaintext. This is bad.
Simply changing the URL in the address bar to use HTTPS works fine. But this shouldn't need to be done. It should direct you to a secure page in the first place.
I just thought I'd better let you guys know.
Thanks.


Password Reset Link In Email Opens An Insecure Page
Started by Pilot McPilot, Apr 20 2013 06:30 AM
1 reply to this topic
#1
Posted 20 April 2013 - 06:30 AM
#2
Posted 05 May 2013 - 08:21 PM
The first issue here is that the email should have had https in the included URL; the second is that the page should have detected that the user visited it via http and either instructed the user to go to or auto-redirected to the secure page. So support will need to check the email being sent out as well.
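
An added example, not part of the original thread or the site's own code: one way to apply both fixes from the reply above in a Python WSGI app. The host `forum.example`, the `/reset` path and every function name are assumptions, and the app is assumed to see the real request scheme in `wsgi.url_scheme`.

```python
from urllib.parse import urlencode

CANONICAL_HOST = "forum.example"  # assumed; configured, never taken from the Host header
RESET_PATH = "/reset"             # assumed path, not from the thread
HSTS = ("Strict-Transport-Security", "max-age=31536000")


def build_reset_link(token):
    """URL placed in the reset email: the scheme is always https."""
    return "https://%s%s?%s" % (CANONICAL_HOST, RESET_PATH, urlencode({"token": token}))


def require_https(app):
    """WSGI middleware: never serve or accept the reset form over plain HTTP."""
    def wrapped(environ, start_response):
        if environ.get("wsgi.url_scheme") == "https":
            def with_hsts(status, headers, exc_info=None):
                return start_response(status, list(headers) + [HSTS], exc_info)
            return app(environ, with_hsts)
        if environ["REQUEST_METHOD"] in ("GET", "HEAD"):
            # The redirect fixes the page, but the token in this first request
            # already crossed the network in cleartext, so the email must use https too.
            target = "https://" + CANONICAL_HOST + environ.get("PATH_INFO", "")
            if environ.get("QUERY_STRING"):
                target += "?" + environ["QUERY_STRING"]
            start_response("301 Moved Permanently", [("Location", target)])
            return [b""]
        # A POST over HTTP has already sent the new password in cleartext:
        # reject it instead of processing or redirecting it.
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"HTTPS required\n"]
    return wrapped


def reset_app(environ, start_response):
    """Stand-in for the real reset page (hypothetical)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"reset form\n"]


def call(app, method, scheme, query=""):
    """Drive the app with a constructed WSGI environ; return (status, headers)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    app({"REQUEST_METHOD": method, "wsgi.url_scheme": scheme,
         "PATH_INFO": RESET_PATH, "QUERY_STRING": query}, start_response)
    return seen["status"], seen["headers"]
```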