Changing "pwd"

  • Jan Schmidt

    (@tesha)


    14 years, 11 months ago

    After a recent and very nasty attack, I asked GoDaddy to give me some advice on how to prevent this in the future.

    One thing they suggest is to stop the transmit of “pwd” in any strings.

    specifically in:

    Page : /wp-login.php?log=&pwd=&submit=Log In&rememberme=forever&redirect_to=/about/login
    Destination page : http://nashuademocrats.com/wp-login.php
    Input name : pwd

    Is there anyway to hide this without having to https?

    thanks,

Viewing 2 replies - 1 through 2 (of 2 total)
  • esmi

    (@esmi)

    14 years, 11 months ago

    The password is not being transmitted in that url.

    Thread Starter Jan Schmidt

    (@tesha)

    14 years, 11 months ago

    this is their comment… now that I read it – it says this is just a clue that here there might be pswrds

    Description:
    The remote web server contains several HTML form fields containing
    an input of type ‘password’ which transmit their information to
    a remote web server in cleartext.

    An attacker eavesdropping the traffic between web browser and
    server may obtain logins and passwords of valid users.

    —I think I have a solution – I just found a plugin called secmisecure password that encripts the pswrd –

    Thanks esmi…

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Changing "pwd"’ is closed to new replies.