Hostway stores all passwords in PLAIN TEXT
#1
Hi,


I had a web-hosting account with a company that decided to get out of the game. They moved our website over to the company Hostway. The move went well enough, and I didn't really log in to do anything. It all just worked. 

Now that I need to make a site change, I discovered something that really troubled me. All the user accounts for the the site (such as FTP and SSH accounts) have a button saying "show password", indicating that the passwords are not properly salt/hashed with a properly 1 way hash. 

This upset me a bit, but what really troubles me is that when I called support, the verification question for me was "what are the last 4 characters of your password". At first, I thought he wanted one of the FTP account passwords, but he indicated that he wanted the main hosting account password. Meaning he was able to see that password, in plain text. 

This is as bad as it gets for security with ANY company that stores user account information, let alone a hosting provider, who should at least do the basic things for proper security.


 For More Details

   product ads marketing examples
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)