Plusnet Password Security Vulnerability
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Feedback
- :
- Plusnet Feedback
- :
- Plusnet Password Security Vulnerability
Plusnet Password Security Vulnerability
14-08-2022 3:40 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I was just asked by customer services to give two digits of my password, which means that it must be stored as (or retrievable as) plain text.
There is no excuse these days for not salting / hashing passwords.
The falls well short of the Information Comissioners Office Guidance on storing passwords now that GPDR is in force:
Re: Plusnet Password Security Vulnerability
15-08-2022 8:51 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
It is not impossible for specific two letter combinations to be stored as a hash in isolation from a hash of the whole password.
In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.
Re: Plusnet Password Security Vulnerability
15-08-2022 9:33 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
That's true, I hadn't considered that possibility. Is that what Plusnet claim to do?
It seems like an odd way of doing things though when there are lots of other security questions that could be asked.
Re: Plusnet Password Security Vulnerability
15-08-2022 11:39 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I do not know what Plusnet does (or does not do) - this issue has been raised before and there have been assurances that full password decryption does not happen.
In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page