|
|
|
|
|
|
by gwbas1c
834 days ago
|
|
|
As far as I know, they ALL stored the password as plaintext. I ran VBBS and then Iniquity, and those stored the password as plaintext and visible to the sysop. I also suspect WIIV and Tele(can't remember the last part of the name) stored them as plaintext, but I didn't evaluate those as closely. I once caught someone calling into my BBS as another user, so I implemented a pseudo 2-factor authentication system that asked for some other details from the profile. I also added a script that made my co-sysops enter a whacky 2nd password in case someone used a vulnerability to download other users' passwords. |
|
|