Created attachment 928822 [details] An Example E-Mail, With Password Obscured Vulnerability: : According to answers like https://law.stackexchange.com/a/64734/59204 [^1] and my own comprehension of current best practices and their accompanying law, I believe that the phpBB instance either storing passwords in plain text, or using reversible encryption, should be remediated. Per https://security.stackexchange.com/a/7122/217497, [^2] mailing my password back to me upon registration at https://forums.gentoo.org/profile.php?mode=register&agreed=true#form1:~:text=Forums%20Forum%20Index-,Registration,-Information is unanimously considered malpractice. If this should have instead been filed at https://bugs.gentoo.org/enter_bug.cgi?product=Gentoo%20Security, please transfer it there. Otherwise, I'll do so, if I've the permission to. I'm unfamiliar with this BZ instance, so I apologise if so. Citations: : [^1]: https://law.stackexchange.com/revisions/64734/1#content:~:text=GDPR%20regulations%20on%20the%20whole,civil%20suit%20against%20the%20organisation. [^2]: https://security.stackexchange.com/revisions/7122/1#content:~:text=contact%20the%20website%20and%20try%20and%20explain%20them%20how%20bad%20of%20an%20idea%20and%20practice%20it%20is%20to%20store%20(and%20email)%20passwords%20in%20plain%20text.
It needs the forums software upgraded. *** This bug has been marked as a duplicate of bug 761073 ***
