pyBlackjackAA
Low RollerLow Roller
Joined: 28 Sep 2015
Posts: 22
Thanks given: 5
Thanks received: 15
14 September 2016 - 11:11am

7Red stores passwords in cleartext?

6 replies • Last post

Hello everyone.

Just a heads up.
When I used the forgot my password function 7red.com sent me the password in clear text.
So as a reminder, use different passwords for your casino sites.

I haven't checked but I would figure they use the same code for all the sites in the group, if that's the case then the following sites are affected as well:
* Nordicslots
* RoyaalCasino
* NorgesSpill

REgards

auCL-Ed
StaffStaff
CL-Ed's picture
Location: Sydney
Joined: 7 Sep 2007
Posts: 10400
Thanks given: 6286
Thanks received: 5350
15 September 2016 - 1:27am
#1

Oh dear that is an elementary security failure. It means that anyone with access to the customer database (either within the casino or from outside via hacking or whatever) could see every customer's password if they wanted to. When we first reviewed them they were running the entire casino website including logins and registration without SSL. We gave them a bad rating and a warning and asked them to fix it and eventually they did. But I am not surprised by this as I get the feeling that their technical people (if they have any) are not very proficient.

Always play it safe! Consult our list of rogue casinos and warnings before depositing at a new casino.
Post in our forums to earn CLchips which can be used to buy real prizes in our CLchips shop.

lvblck
Forum AngelForum Angel
Location: The North
Joined: 6 Apr 2016
Posts: 3878
Thanks given: 343
Thanks received: 1134
15 September 2016 - 11:47pm
#2

This is quite bad, definitely agree with CL-Ed that their tech doesn't seem very professional.

bgsharpe
Forum AngelForum Angel
sharpe's picture
Location: Sofia, Bulgaria
Joined: 4 Nov 2014
Posts: 7646
Thanks given: 4239
Thanks received: 1165
23 September 2016 - 11:16pm
#3

Yes it looks very unprofessional from their side, these days even at non gambling sites when you don't risk any personal information to be revealed is unacceptable for such things to happen but what about when it comes to a gambling site where you store all details about your credit cards, personal information e.t.c., they definitely should fix that.

caactmyname
GamblerGambler
actmyname's picture
Joined: 13 Aug 2016
Posts: 82
Thanks given: 7
Thanks received: 24
25 September 2016 - 8:53pm
#4
blck wrote:

This is quite bad, definitely agree with CL-Ed that their tech doesn't seem very professional.

This is similar to one of my problems with 5Dimes. To withdraw, you need to send them your password and account number via email (which is absurd) unencrypted.

I've never seen any other site do something so unorthodox

bgsharpe
Forum AngelForum Angel
sharpe's picture
Location: Sofia, Bulgaria
Joined: 4 Nov 2014
Posts: 7646
Thanks given: 4239
Thanks received: 1165
26 September 2016 - 7:22pm
#5
actmyname wrote:

This is similar to one of my problems with 5Dimes. To withdraw, you need to send them your password and account number via email (which is absurd) unencrypted.

I've never seen any other site do something so unorthodox

Yes it really sounds like an absurd, never happened to me though, really strange asking from their side but I guess you don't have a choice when it comes to withdrawing money.

krcoolsongss
High RollerHigh Roller
coolsongss's picture
Joined: 2 Dec 2014
Posts: 2832
Thanks given: 2119
Thanks received: 1417
10 October 2016 - 9:06am
#6

Oh, I see. Actually, I can't sign up in these casinos, due to jurisdiction issue.
the casinos were rated quite good in the other forums.

But, it would be better to choose other casino because of this technical issue.

Good Luck.