ACP LOGIN LOG


Guest Jaggi

Just looked at this feature and noticed it gives away the last character of your pass... WHY?!?

I don't like having even one of my password letters on display, and A LOT of people put numbers at the end of their password; this could spell the difference between someone guessing and not guessing your pass. Just don't think it's a good idea at all, and it also gives away the length of your pass. Fair enough, you have to be in the ACP or DB to view it in the first place and be a root admin from my tests, but I still don't like it.


> Just looked at this feature and noticed it gives away the last character of your pass... WHY?!?
>
> I don't like having even one of my password letters on display, and A LOT of people put numbers at the end of their password; this could spell the difference between someone guessing and not guessing your pass. Just don't think it's a good idea at all, and it also gives away the length of your pass. Fair enough, you have to be in the ACP or DB to view it in the first place and be a root admin from my tests, but I still don't like it.

The Administrator Control Panel is meant to be a place for people you can trust--especially as far as Root Admins. If you don't trust those people, they shouldn't be there.

> The Administrator Control Panel is meant to be a place for people you can trust--especially as far as Root Admins. If you don't trust those people, they shouldn't be there.

This feature has nothing to do with your other admins. The idea is if your site is hacked, and someone logs into your ACP, by showing one character you can instantly tell if they used YOUR password, or if they somehow changed your password to something else.

It's one character - as Matt said, if you can guess your password from 1 character, it's too weak as it is.
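An added example, not part of the thread or of the forum software's code: the mask the posters describe, next to one alternative way to answer the question raised in the post above (was the admin's own password used, or was it replaced?) without displaying any character or the length. The PBKDF2 hash, the log key, and all function and field names are assumptions.

```python
import hashlib
import hmac


def acp_style_mask(password: str) -> str:
    """Mask as described in the thread: asterisks plus the real last character."""
    return "*" * max(len(password) - 1, 0) + password[-1:]


def stored_hash(password: str, salt: bytes) -> str:
    """Stand-in for the board's stored password hash (assumption: PBKDF2)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()


def credential_tag(pw_hash: str, log_key: bytes) -> str:
    """Short keyed tag of the stored hash; shows neither length nor any character."""
    return hmac.new(log_key, pw_hash.encode(), hashlib.sha256).hexdigest()[:12]


def login_log_entry(user: str, pw_hash_at_login: str, log_key: bytes) -> dict:
    """Hypothetical log record written on each successful ACP login."""
    return {"user": user, "credential_tag": credential_tag(pw_hash_at_login, log_key)}


def password_was_replaced(entry: dict, baseline_tag: str) -> bool:
    """True if the login succeeded against a hash other than the admin's own."""
    return not hmac.compare_digest(entry["credential_tag"], baseline_tag)


# Constructed sample data, not taken from any real board.
LOG_KEY = b"constructed-log-key-for-example"
ADMIN_HASH = stored_hash("constructed-Pass-2024", b"salt-A")
# The admin notes this tag when setting the password and refreshes it on every
# legitimate password change (a new salt or password yields a new tag).
BASELINE = credential_tag(ADMIN_HASH, LOG_KEY)

# Case 1: the intruder knew the admin's password, so the stored hash is unchanged.
stolen = login_log_entry("root", ADMIN_HASH, LOG_KEY)
# Case 2: the intruder overwrote the stored hash with one for their own password.
swapped = login_log_entry("root", stored_hash("something-else", b"salt-B"), LOG_KEY)

if __name__ == "__main__":
    print("ACP-style mask:", acp_style_mask("constructed-Pass-2024"))
    print("own password used :", not password_was_replaced(stolen, BASELINE))
    print("password replaced :", password_was_replaced(swapped, BASELINE))
```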

It's a double-edged sword.
If your password is admin or password then you had it.

The only + point is that it will tell you what password your hacker friend used to log in.

BUT if the hacker is smart enough, he will destroy the logs, if not the forum.
It's no big deal to know what password the hacker used to log in to the admin CP.

In the long run I think this is not a good idea to give the cat a clue as to where to start backwards to try your password.
If you ask can it be a vulnerability or not, I would say yes it is.


  • Management

It's not a vulnerability - that's just being alarmist.

It's no different to having all but the last 4 digits of your credit card number hidden (**** **** **** 4367) on a receipt or statement.

Like I said before, if you think that your password could be guessed if someone knew the last character of your password, then you should really change it.

If it helps, my password shows in the logs as: ************4.

Go crack.


> I had once challenged some guy online that my site is secure and he couldn't do anything about it. And after 2 days all my sites were hacked with a greeting from him. And my password was not an easy one too.

Mods?
Keylogger?
Social Engineering?

I know people who have lost passwords to EVERYTHING, and claimed it was all mighty 'hackers' :P

Just so you know, I HATE that your last 4 digits show on CCs :P.

And my pass is a mixture of numbers and caps all the way through, so doubt anyone could hack it, and I change it more or less monthly. Just didn't like the feature and thought I'd see what other people thought.


> It's not a vulnerability - that's just being alarmist.
>
> It's no different to having all but the last 4 digits of your credit card number hidden (**** **** **** 4367) on a receipt or statement.
>
> Like I said before, if you think that your password could be guessed if someone knew the last character of your password, then you should really change it.
>
> If it helps, my password shows in the logs as: ************4.
>
> Go crack.

Is that your credit card number also? :shifty:

Archived

This topic is now archived and is closed to further replies.
