Home page logo

funsec logo funsec mailing list archives

Re: How *NOT* to handle incorrect passwords ...
From: Valdis.Kletnieks () vt edu
Date: Thu, 25 Jul 2013 14:39:24 -0400

On Thu, 25 Jul 2013 10:59:55 -0700, "Rob, grandpa of Ryan, Trevor, Devon & Hannah" said:

Virgin Atlantic feels that it is a good idea to provide the failed password, in plain
text, in the URL when you try for a reset ...

Just be glad it isn't the correct password, helpfully provided for your
second attempt.

Attachment: _bin

Fun and Misc security discussion for OT posts.
Note: funsec is a public and open mailing list.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]