Larian Studios Forums General About this website Security Issue

Hello

It is incredible, that a company like yours does not take care about the MOST elementary security protection...
Please protect urgently our logins by using HTTPS on your forum!!

Thanks a lot,
best regards,
Kalthen

Came here to post this. Do not send plain text passwords via email. There is simply no reason to do this.

As mentioned, an https-enabled forum is currently being tested and will be rolled out soon. Passwords are emailed out at the time of account creation which is bad practice but they are at least not stored in cleartext but one-way encrypted. The software does not provide a way to disable it; if it is not fixed in a newer release (or if we are not going to upgrade imminently) I will see what I can do about rewriting the registration script myself.

The forum has been updated to https, and passwords are no longer being sent by email.

Thanks for the quick fix! Much appreciated!

Necro-ing this post to say passwords are still being sent in plaintext. I joined today and my first encounter with the forum was to have my username and password sent to me via email in plaintext. I'm glad to see this has been addressed previously, but it needs to be revisited.

I just joined today, can confirm that passwords used to register are being sent on account creation.
I was a little shocked and deleted the email straight away, not that I felt like I would be hacked but just incase someone compromised my email they couldn't search for passwords in emails.

Registered 2 days ago, passwords are still sent in cleartext