Hello,

How easy is it for someone to get passwords from Classic 6.7.2 forums? I have a forum and someone told me it was easy to get other people's passwords. I know the passwords are not encrypted.

If this is true, how do they do this and what can I do to stop this? If people can see the passwords, where are they seeing this stuff?

I want to make sure that someone doesn't wipe out the forum or get into people's accounts and start reading private messages etc.

Thanks.

Passwords are hashed using MD5 in cookies, and are never presented in plaintext via any user interface, frontend or backend. Unless the user has filesystem access to your server, or access to each victim's email account, there is no way to obtain user passwords.

There are still ways to obtain passwords, but they all rely upon the victim doing something wrong, such as using a weak password, or using the same password for multiple sites, one of which the malicious user has has compromised or runs.

Thank you very much! I really appreciate it.