PaulDotCom mailing list archives

badoo.com authentication with link in mail (no password query)


From: Alex Kornilov <alex.kornilov3 () mail ru>
Date: Sat, 12 Nov 2011 19:16:37 +0100

Hello

Maybe you already know Badoo (https://secure.wikimedia.org/wikipedia/en/wiki/Badoo), a one-night stand community. Every day I receive mails like this:
http://i.imgur.com/1CvVY.png

By clicking on the link "Sieh nach ob ihr zusammenpasst..." I am automatically logged in to my profile (with full authorization).

The link is (anonymized here):

http://eu1.badoo.com/access.phtml?UID=474159433&secret=z8chfrtWmI&g=50&m=47&mid=43bd81cr005032477005004d13e26att

The first part is always the same, but mid=* changes with every mail. Old links (already visited) also work.

How do they guarantee the security? Does it mean that if I sniff a Badoo mail, I am able to log in as another person? Does anybody know more about how this auth process works?

regards
Alex
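
An added example, not part of the original post and not Badoo's code: a server-side sketch contrasting the behaviour the post describes (the same per-user secret in every mail, still accepted after use) with a single-use, expiring mail-link token that grants only a limited session. All names, the scope label and the sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample data; not real Badoo identifiers or secrets.
STATIC_SECRETS = {"1001": "constructed-static-secret"}


def static_link_login(uid, secret):
    """Model of the reported behaviour: one fixed secret per user,
    accepted any number of times and never expiring."""
    expected = STATIC_SECRETS.get(uid, "")
    if expected and hmac.compare_digest(expected, secret):
        return uid
    return None


class MailLoginTokens:
    """Hardened alternative: random token per mail, single use, short lifetime."""

    def __init__(self, ttl_seconds=900, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock
        self._pending = {}  # sha256(token) -> (uid, expiry); raw token is never stored

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, uid):
        """Create the token that goes into one mail's link."""
        token = secrets.token_urlsafe(32)
        self._pending[self._digest(token)] = (uid, self.clock() + self.ttl)
        return token

    def redeem(self, token):
        """Return a limited session on first valid use, otherwise None."""
        # pop() removes the entry, so a replayed (already visited) link fails.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        uid, expiry = entry
        if self.clock() > expiry:
            return None
        # Assumption: sensitive actions require a password re-check in this scope.
        return {"uid": uid, "scope": "mail-link"}
```
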