Support » Plugin: Application Passwords » 100% Unsafe using Base64

  • Base64 encoding is an UNSAFE method used by a large number of naive application programmers hoping to “obscure” the plain text password as it travels across the network. Base64 encoding lacks any form of cryptographic algorithm so it fails to protect sensitive information; as a result, the Base64 vulnerability is the root of multiple security breaches. Both the user’s ID and password are completely exposed. Using Base64 is no more secure than converting a secret from English into French. Stupid or careless programmers (as opposed to uneducated) still use Base64 in many networks and end-user applications with no regard as to the damage they created. Simply web search “base64 vulnerability” to see how badly you wrecked the security using it. Cheers!

  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Simply web search “base64 vulnerability” to see how badly you wrecked the security using it.

    Base64 by itself is just encoding and you’ll need to do better than a “web search”.

    *Drinks coffee*

    I’ve removed your tags, don’t abuse those.

    Now- What exactly are you talking about? Show me in the code where you’ve made that determination.

    https://plugins.trac.ww.wp.xz.cn/browser/application-passwords/#trunk

    If you’re going to make accusations without proof then this review will be removed.

    So you do remove reviews you don’t like? Why do I see so many, many reviews where people just claim things and never prove them and they never get removed? I thought you would simply never remove reviews.

    I don’t know and have no opinion of this plug-in’s security, by the way.

    So if you remove this could you please also remove this one. Totally unproven and debunked claims.

    And please this one as well. Same unproven claims.

    And this one, user makes a false claim that is even described in the feature list. User was just too lazy to read and then throws out a claim. Looks like the same could be the case here in a sense.

    It’s pretty much all the 1 star reviews I got; all of them are just claims that I am happy to debunk (and did in the comments).

    I am just picking my plugin here because it’s easy to find these wrong claims because I remember them. But I have seen other plugins that have a hell of a lot bigger problem with these “non reviews” and false claims than I do.

    Part of me thinks it’s great that you demand “proof” and threaten to delete. Another part of me thinks: who is gonna decide if something is proven or not? Jan Dembowski? What makes him an authority to decide that, because he is a mod on wp.org for a long time? Well, better just not touch those reviews. But then again many things can pretty easily be determined as false without anyone in their right mind objecting.

    Are there some guidelines on this case? Because reading this threat to remove for not proving something really surprised me. Because, again, I have seen hundreds of reviews (most 1 star) that just quickly throw out a false claim and never ever come back, but those never get deleted. Some of them get so old that plugin authors can’t even reply anymore. That’s even more unfair, then they can’t even defend themselves if they decide to years later.

    And no, I am not trying to get rid of critical reviews, I am OK with constructive criticism of my or any plugin. But the fact is I think not one of the 1 star reviews I got is actually constructive and right criticism. All or all but one are just unproven claims.

    I have to say it but I smell some double standard and special treatment here.

    Good point, there really needs to be a process to remove obviously untrue reviews. Especially where the reviewer is just the sock puppet of a competitor.
