Results 1 to 2 of 2
  1. Newbie
    • Member Info
      • Native Language:
      • English
      • Home Country:
      • United States
      • Current Location:
      • United States

    • Join Date: Aug 2012
    • Posts: 1

    Angry Reply to: Account Password Vulnerability

    Has anyone else received this email about your password being changed because it was found vulnerable?

    A vulnerability has been found with your password at ESL Forum. Some passwords are vulnerable to exploitation which may allow a third party to hijack your account.

    This may lead to your account being used without your knowledge or permission, and actions being performed under your name.

    Vulnerable accounts can also be bad for the board as a whole as they may enable access for automated tools to spam both the forums and other user accounts,
    using your username.

    As such we have had to reset your password.
    You can find your new login details below.
    The message is not at all specific about the exact issue, and it is a no reply email address. I wonder if this is an issue of passwords being revealed. To me it sounds as though a system tool (bot) has been going through lists of passwords and determining the strength or weakness of the password. I personally find the issue of passwords a pain. People can have very complicated passwords and still have them stolen. While others can use simple passwords without them ever being revealed.

    In my opinion, passwords are stolen in three ways: People share them intentionally or unintentially, people install software or code that steals passwords, and people have security vulnerabilities in operating systems. The idea that people sit at computers and guess passwords is a great tool in stories but is not the reality. There are programs that do that, but the chance that someone might log into my account because the password doesn't look complicated is slim. Additionally, any server that does not block programs that try to guess passwords is the problem.

  2. Editor,
    English Teacher
    • Member Info
      • Native Language:
      • British English
      • Home Country:
      • UK
      • Current Location:
      • Laos

    • Join Date: Nov 2002
    • Posts: 60,208

    Re: Reply to: Account Password Vulnerability

    The email was sent to everyone- nothing has been assessing the quality of passwords. Also, we cannot see anyone's passwords. There was a potential vulnerability in the forum software, now closed, which could have allowed someone to get into accounts. Password guessing wouldn't work, because there are limits imposed. However, as there was a vulnerability, it's better to make sure by changing all passwords. Sorry for the inconvenience.

Similar Threads

  1. [General] Vulnerability versus Susceptibility
    By gopikoundinya in forum Ask a Teacher
    Replies: 1
    Last Post: 31-Jan-2010, 16:43
  2. [Grammar] Saving Account or Savings Account?
    By Williamyh in forum Ask a Teacher
    Replies: 1
    Last Post: 27-Nov-2009, 02:59
  3. Forget Password? or Forgot password????
    By ashashivam in forum Ask a Teacher
    Replies: 6
    Last Post: 12-Jun-2008, 09:30
  4. a confused account, a confusing account
    By joham in forum Ask a Teacher
    Replies: 5
    Last Post: 11-Dec-2007, 05:38
  5. password protection
    By ehsanshekari in forum Ask a Teacher
    Replies: 1
    Last Post: 29-Nov-2007, 12:08


Posting Permissions

  • You may post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts