Jump to content

vPilot sends credentials in clear-text


Recommended Posts

Hi there,

I tried to connect to the network a few minutes ago, but vPilot said "invalid CID/password". So I tried to find out if this is a general message when the client cannot connect to the VATSIM servers. I started Wireshark to identify this problem because I recently had problems with my network.

I connected to a specific server (UK-1) and set a filter in Wireshark for the IP of the server and saw that all communication is not encrypted. When I decided to follow the TCP traffic, I could see everything in plain text, like UID, password and so on. All communication from vPilot to the selected server.

I expected applications to use encrypted communication in 2020. Is this an error or "works as designed"? 

I only ask because I showed it in a livestream: "how to identify problems with the connection: Your error or the error of others?", and everyone who watched could see my login details. If I had already changed my password, but, you know, it's 2020 and really everything is encrypted. Everything except the vPilot Client 😉

All the best,
Justin

Edited by Justin Fingerhuth
Link to post
Share on other sites
25 minutes ago, Justin Fingerhuth said:

it's 2020 and really everything is encrypted. Everything except the vPilot Client

You make it sound like I made a mistake developing vPilot. :classic_biggrin: The reality is that VATSIM runs on a 25 year old network protocol that has never been encrypted. I can't encrypt the credentials when sending them to the server if the server is expecting clear text.

Developer: vPilot, VRC, vSTARS, vERAM, VAT-Spy

Senior Controller, Boston Virtual ARTCC

Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
×
×
  • Create New...