https://bugzilla.wikimedia.org/show_bug.cgi?id=39380
Chris Steipp <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #3 from Chris Steipp <[email protected]> 2012-08-15 14:40:56 UTC --- @Jarry1250 If the login in is plaintext, then the attacker grabs the victims password and can login at any time (and try to attack other services using the same username and password). If the login is over ssl, and then a user browses in plaintext, the attacker can get the user's session and impersonate the victim, but can't re-login if the session goes away, and can't use the victims password on other sites. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
