Conexware-Account: Passwords stored cleartext?



  • Hello!
    Sorry for posting this in PA-General, but I haven’t found a better place.
    Last week I had to change my password and about 4 hours later I received an E-Mail from Conexware giving my new Password in cleartext.
    So my question is: are passwords stored in cleartext? If they were stored as salted hashes (as suggested and good practice today) it should not be possible to retrieve my password.
    Things I have checked before posting here:

    1. The mail with my password originates from Conexware (according to headers)
    2. The page I used to change my password was encrypted and belonged to Conexware.
      So it should not be the result of some kind of phising.
      Thanks for a reply!
      A.Borque


  • Hello!
    Your password is not stored in cleartext. Password are stored encrypted. We use strong and secure algorithm for password encryption.
    Accounts are safe.
    Cetko


  • conexware

    @cetko:

    Hello!
    Your password is not stored in cleartext. Password are stored encrypted. We use strong and secure algorithm for password encryption.
    Accounts are safe.
    Cetko

    I cant believe this is Cetko’s first post since he started working here in 2012! Congrats Cetko!


  • conexware

    Welcome Cetko!! Grab a beer and come around often! 😃



  • Thank you guys 😃


  • Alpha Testers

    @cetko:

    Hello!
    Your password is not stored in cleartext. Password are stored encrypted. We use strong and secure algorithm for password encryption.
    Accounts are safe.
    Cetko

    But clearly they’re not stored as a salted hash.

    Where does the decryption key come from to allow you to email the password?


 

0
Online

9.8k
Users

6.0k
Topics

36.7k
Posts