Home page logo
/

funsec logo funsec mailing list archives

How *NOT* to handle incorrect passwords ...
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade () shaw ca>
Date: Thu, 25 Jul 2013 10:59:55 -0700

https://twitter.com/cjcheshire/status/360326695137468416/photo/1

Virgin Atlantic feels that it is a good idea to provide the failed password, in plain 
text, in the URL when you try for a reset ...

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
              Practice random humour and acts of senseless mirth
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]