You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
The user login is transmitted via unsecured HTTP to tv.deezer.com.
So plain text email address and a MD5 hash of the password are transmitted.
However MD5 is not a strong hash function as it could be easily reversed.
Environment (optional if log file provided) :
affected OS: any
affected addon version: 2.0.5
Steps to reproduce
Open Wireshark (or any packet interception app) and start capture
Describe the bug
The user login is transmitted via unsecured HTTP to tv.deezer.com.
So plain text email address and a MD5 hash of the password are transmitted.
However MD5 is not a strong hash function as it could be easily reversed.
Environment (optional if log file provided) :
Steps to reproduce
How to resolve
Please consider using HTTPS and if possible SHA256 hash.
You might also enable HTTPS for the streaming.php endpoint.
The text was updated successfully, but these errors were encountered: