INSECURE: Lobby2 extension stores passwords in cleartext
jompu opened this issue · 0 comments
jompu commented
You should fix the lobby2 extension or deprecate it as insecure.
It stores the passwords in cleartext and sends a lost password in cleartext to users email.
You can verify this by just looking into DependentExtensions/Lobby2/PGSQL/Lobby2Message_PGSQL.cpp file and search for a password string.