This thread is frustrating. Everyone seems more interested in nitpicking the specifics of what OP is saying and are ignoring that a forum sends you your password (not an automatically generated one) in an email on registration.

  • @Bitrot
    link
    English
    8
    edit-2
    1 year ago

    An issue if you’re reusing passwords. If not, every forgot my password email is also vulnerable.

    A combination of bad practices could be… bad.

    Edit: apparently around the same time, their forum was also lacking https. This would be an even easier vector.