(Minor) Security Bug in Activation Emails

Description of problem:

  1. Sign up for account
  2. Send confirmation email
  3. Confirmation email uses http:// rather than https://

This could allow a malicious observer to intercept and/or alter the communication between the user and the website.

2 Likes
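A regression check for the issue reported above, as an added example that is not part of the original thread or the site's own code: it parses an outgoing email and lists every link that uses plain `http://`. The sample message, the `forum.example.com` host and the token value are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from urllib.parse import urlsplit

# Absolute http/https URLs, whether in plain text or inside href="..." attributes.
URL_RE = re.compile(r"""https?://[^\s"'<>)]+""", re.IGNORECASE)


def insecure_links(raw_email):
    """Return each distinct plain-http URL found in the text parts of an email."""
    msg = message_from_string(raw_email)
    found = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        payload = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
        body = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(body):
            if urlsplit(url).scheme.lower() == "http" and url not in found:
                found.append(url)
    return found


def build_sample(link):
    """Constructed activation email with a text part and an HTML part."""
    msg = EmailMessage()
    msg["Subject"] = "Confirm your account"
    msg["To"] = "user@example.com"
    msg.set_content(f"Confirm your account: {link}\n")
    msg.add_alternative(f'<p><a href="{link}">Confirm</a></p>', subtype="html")
    return msg.as_string()


if __name__ == "__main__":
    # Constructed sample values, not taken from the report.
    for link in ("http://forum.example.com/activate/CONSTRUCTED-TOKEN",
                 "https://forum.example.com/activate/CONSTRUCTED-TOKEN"):
        bad = insecure_links(build_sample(link))
        print("FAIL" if bad else "OK", bad)
```

Run against rendered activation emails in a test suite, a non-empty result fails the build before a cleartext link reaches users.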

Thanks, we’re investigating.

1 Like

Most modern browsers (and some email providers) will automatically apply the https protocol as long as the registered domain name has a valid SSL/TLS certificate.

1 Like

We released a fix, thanks for the report.

2 Likes
