I tried logging in on browser and I had inspected the request. My password was sent in plaintext. Is this a infosec.pub issue or a Lemmy one?
I tried logging in on browser and I had inspected the request. My password was sent in plaintext. Is this a infosec.pub issue or a Lemmy one?
As you realized in your edit already, this part is not correct. The server would always receive your password plaintext (when signing up and when logging in), but only store it hashed and salted.