I recently did some network checks for XDA and found out that they are not providing enough security for the personal information of members in the community.
Basically nothing is encrypted
Here is the login page:
As you can see it's in MD5, preferably passwords must be encrypted in order to safeguard your personal information. As MD5 hashes can be reversed.
Here is the worst part, I found out that my personal messages are not encrypted and have no security measures in place. A person can easily intercept your message without any reasonable effort.
Nah, that's not the worst part, this is...
When you change your password a potential hacker can intercept both your old and new password IN PLAIN TEXT.
I as a user want my personal data on my account to be safe, XDA should implement a full HTTPS for all Private Messages and User credentials as well as password edting.
Basically nothing is encrypted
Here is the login page:
As you can see it's in MD5, preferably passwords must be encrypted in order to safeguard your personal information. As MD5 hashes can be reversed.
Here is the worst part, I found out that my personal messages are not encrypted and have no security measures in place. A person can easily intercept your message without any reasonable effort.
Nah, that's not the worst part, this is...
When you change your password a potential hacker can intercept both your old and new password IN PLAIN TEXT.
I as a user want my personal data on my account to be safe, XDA should implement a full HTTPS for all Private Messages and User credentials as well as password edting.
Last edited: