2011/10/11 Josh Juran <[email protected]>:
> On Oct 11, 2011, at 3:37 PM, Conan Kudo (ニール・ゴンパ) wrote:
>
>> On Tue, Oct 11, 2011 at 3:39 PM, Josh Juran <[email protected]> wrote:
>>
>>> Since bugzilla passwords were sent in cleartext anyway, I sincerely hope 
>>> none of them were otherwise valuable.  (Remember FireSheep?)
>>
>> Wait, what? Bugzilla sends passwords in cleartext? That isn't very smart... 
>> Is there no way to replace this with some sort of client-based hashing or 
>> something?
>
> To clarify, your browser sends your password to bugzilla in cleartext, since 
> HTTPS isn't an option.
>
> Firesheep was a lesson that even once passwords are secure, session 
> credentials are still vulnerable to sniffing. Some sites went to HTTPS-only 
> sessions after that.

http://bugs.winehq.org/show_bug.cgi?id=23791

-- 
-Austin

