Free Republic

To: Sub-Driver

From the “full story”

“The glitch was discovered last week by Ben Simo, a software tester in Arizona. Simo found that gaining access to people’s accounts was frighteningly simple. You could have:

guessed an existing user name, and the website would have confirmed it exists.

claimed you forgot your password, and the site would have reset it.

viewed the site’s unencrypted source code in any browser to find the password reset code.

plugged in the user name and reset code, and the website would have displayed a person’s three security questions (your oldest niece’s first name, name of favorite pet, date of wedding anniversary, etc.).

answered the security questions wrong, and the website would have spit out the account owner’s email address — again, unencrypted.”


7 posted on 10/29/2013 10:42:13 AM PDT by Zeneta


To: Zeneta
viewed the site’s unencrypted source code in any browser to find the password reset code.

Holy crap! That means the password reset is done client side.

13 posted on 10/29/2013 10:52:51 AM PDT by Jeff Chandler (Obamacare: You can't make an omelette without breaking a few eggs.)
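A server-side reset flow that avoids the failures listed in the quoted story (confirming that a user name exists, a reset code readable in the page source, account data disclosed after a failed attempt), as an added example that is not part of this thread or of any site's actual code. `ResetService`, its fields and the in-memory `outbox` standing in for email delivery are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

GENERIC = "If that account exists, a reset link has been sent to its email address."
TOKEN_TTL = 15 * 60  # seconds a reset token stays valid


class ResetService:
    """Hypothetical reset handler; all state lives on the server."""

    def __init__(self, users):
        self.users = users   # username -> {"email": ...}
        self.pending = {}    # username -> (sha256 hex of token, expiry time)
        self.outbox = []     # stand-in for a mail queue: (email, token)

    def request_reset(self, username, now=None):
        """Return the text placed in the HTTP response body."""
        now = time.time() if now is None else now
        user = self.users.get(username)
        if user is not None:
            token = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.pending[username] = (digest, now + TOKEN_TTL)  # store hash only
            self.outbox.append((user["email"], token))  # delivered out-of-band
        # Same body for known and unknown names: no account confirmation,
        # and the token never appears in anything sent to the browser.
        return GENERIC

    def redeem(self, username, token, now=None):
        """True if the caller may set a new password; False reveals nothing else."""
        now = time.time() if now is None else now
        digest, expiry = self.pending.get(username, ("", 0.0))
        supplied = hashlib.sha256(token.encode()).hexdigest()
        # Constant-time comparison, and the token must not have expired.
        if not (hmac.compare_digest(digest, supplied) and now < expiry):
            return False  # no email address, no security questions in the reply
        del self.pending[username]  # single use
        return True
```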

To: Zeneta
The 36 thousandth glitch was discovered last week by...

But don't worry we gonna patch every one of them. We got digital superglue and masking tape.

27 posted on 10/29/2013 11:13:41 AM PDT by arthurus (Read Hazlitt's Economics In One Lesson ONLINE http://steshaw.org/economics-in-one-lesson/)