Advertisement:

Author Topic: main admin username and pw in public plaintext error  (Read 2019 times)

Offline jeremy_cct

  • Newbie
  • *
  • Posts: 2
main admin username and pw in public plaintext error
« on: May 10, 2017, 10:52:25 AM »
Not so much a bug since your documentation mentions that the forum only works with PHP 4 and 5, but this needs to be stated. I had a decent size forum running (~300 members) and the web host performed a PHP upgrade to version 7. This took the forum down. The problem is that in place of the forum was two lines of plaintext which contained the main admin username and password. That is major. Something which drops the forum should not reveal user credentials.

I would link to the page but to protect that info, I deleted the forum.

Offline Steve

  • Support Specialist
  • SMF Hero
  • *
  • Posts: 3,927
  • Gender: Male
  • I have not yet begun to procrastinate.
Re: main admin username and pw in public plaintext error
« Reply #1 on: May 10, 2017, 11:00:40 AM »
SMF currently does not support PHP 7. An upgrade to be released shortly will fix that.
Please do not PM me for support.

Offline Illori

  • Project Manager
  • SMF Master
  • *
  • Posts: 48,049
Re: main admin username and pw in public plaintext error
« Reply #2 on: May 10, 2017, 11:13:27 AM »
this has been reported before. https://www.simplemachines.org/community/index.php?topic=553582.0 it is not an SMF issue.

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 55,098
  • Gender: Male
    • Kindred-999 on GitHub
Re: main admin username and pw in public plaintext error
« Reply #3 on: May 10, 2017, 12:40:46 PM »
It's a hint that you need to get a better host...
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline jeremy_cct

  • Newbie
  • *
  • Posts: 2
Re: main admin username and pw in public plaintext error
« Reply #4 on: May 10, 2017, 01:02:45 PM »
Ahh, I see. Sorry, I had missed that other article. I am glad it isn't an issue with the forum at least. I pulled a backup of the files before removing it so maybe I can get it restored easy enough later.

As for the webhost, this domain is with siteground and they have been great about everything else so far. They have been contacted and are resolving this on their end.

Thank you for the fast response here.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 68,035
    • Arantor on GitHub
Re: main admin username and pw in public plaintext error
« Reply #5 on: May 10, 2017, 01:09:36 PM »
Great other than updating your site without checking it was OK first?
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

You either die a hero or live long enough to see yourself become the villain. It seems you have chosen which, and now I must do the same.