funsec mailing list archives
How *NOT* to handle incorrect passwords ...
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade () shaw ca>
Date: Thu, 25 Jul 2013 10:59:55 -0700
https://twitter.com/cjcheshire/status/360326695137468416/photo/1 Virgin Atlantic feels that it is a good idea to provide the failed password, in plain text, in the URL when you try for a reset ... ====================== (quote inserted randomly by Pegasus Mailer) rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org Practice random humour and acts of senseless mirth victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- How *NOT* to handle incorrect passwords ... Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 25)
- Re: How *NOT* to handle incorrect passwords ... Valdis . Kletnieks (Jul 25)