Login is not secured, except one page

anon80475429 · April 7, 2015, 9:53am

Only this page is the secure way of logging in currently (so logging in from the home page isn’t secure and sent through da interwebs) and the NewLogin page shown above uses HTTPS

I originally posted about this on twitter about 3-5 months ago but my tweets delete after 3 months so unable to find sadly, not sure if this really is a bug but some of you may not know and have been logging through the home page etc so this is helpful for those who didn’t know and maybe a fix soon?

woot3 · April 7, 2015, 10:05am

As is my understanding, I believe that the login box you find on other pages is in-fact a secure iframe element that uses https.

triston220 · April 7, 2015, 12:42pm

The other login pages seem to POST to pages using SSL, but since the form itself is loaded over HTTP it could be compromised by a MITM attack. Both the login form and where it posts to should use HTTPS.

Improper_Username · April 7, 2015, 5:40pm

I still like the old login better, just look at it!

Velibor · April 7, 2015, 5:43pm

[quote] I still like the old login better, just look at it!

[/quote]

That is not a Login, that is a sign-up