Originally Posted by
Middle_Seat
FlyerTalk does not use SSL, and so its cookies are presumably easy to copy and therefore the bad guys can subsequently log into FT as you.
I took a look at the page code and found the following lines:
<!-- login form -->
<form action="login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">
<script type="text/javascript" src="http://ui.ibsrv.net/ibsrv/res/src:www.flyertalk.com/get/forum/clientscript/vbulletin_md5.js?v=376"></script>
It seems that FlyerTalk does not encrypt the login process either. Although the password hash is sent instead of the actual password, the function used is MD5 and there isn't any salting. This setup seems especially weak these days. I suppose an attacker could sniff the hash out of the open network and attempt some kind of dictionary attack against it, straight-out compromising the FT account and possibly others, if the password has been reused.