Security Risk

Posted: Sat Nov 05, 2011 8:45 pm Post subject: Security Risk

I started to go through the sign up process - entered all of my details, the domain I wanted to purchase, but didn't pay for service. The reason I didn't complete the purchase: I got sent an e-mail containing the password in plaintext that I had registered with my account. This is an unacceptable security risk.

So my logon - my e-mail address - and my password are contained in the same e-mail. As far as I am concerned you don't need to send me my password. I told you what it was over https - and I entered it twice for consistency.

NetHosted Staff Joined: 22 Mar 2004 Posts: 6922

Hi,

Just to be clear the email was sent via a fully encrypted SSL connection to your mail provider.

We use an "off the shelf" package for our signup/billing page. I agree with you that at signup it's not necessary for this email to be sent considering a user has just entered the details, I have disabled it now.

Thank you for your feedback.

Would you like to cancel your order from last night? If so can you provide us with the order number (or some other details) so we can track it. You can do this via our ticket system.

Thanks,

Andrew

Posted: Sat Nov 05, 2011 9:25 pm Post subject:

Thanks for the quick response on a Saturday night. I hadn't considered that SSL would be used, so this mitigates the problem. The response to remove the e-mailed password in future is encouraging.

NetHosted Staff Joined: 22 Mar 2004 Posts: 6922

No problem at all.

Thanks,

Andrew

Client Support	Community	Server Status	Contact Us	Client Login
Email Hosting	Website Hosting	Reseller Hosting	VPS Hosting^new!	Dedicated Servers