This thread is frustrating. Everyone seems more interested in nitpicking the specifics of what OP is saying and are ignoring that a forum sends you your password (not an automatically generated one) in an email on registration.

  • FlumPHP
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Sending passwords via email Will compromise any passwords sent via email.

    100%. But that is a different problem and a different attack vector than storing passwords in plain text for authentication. When reporting security issues, it’s important to be precise.