Forum > Blogs > Epic Security Fail
Epic Security Fail
avatar
Country: US
Comments: 6470
News Posts: 413
Joined: 2008-06-21
 
Mon, 11 Aug 2008 11:33:50
0

One of the websites I tried to use for a free PHP host was IsMyWebsite.  Well, I'm glad I did, because I got to be witness to one of the most ridiculous security failings ever.

Previously I already had to complain about their passwords being passed from page to page through GET headers, they've outdone themselves.  This morning I and every other IsMyWebsite user was sent an e-mail for forgotten passwords suggesting we choose just one of the accounts registered under our e-mail...which included every username and password for the site.

And in case you're wondering, the change password form doesn't work.

---

Tell me to get back to rewriting this site so it's not horrible on mobile
avatar
Country: UN
Comments: 16253
News Posts: 1043
Joined: 2008-06-21
 
Mon, 11 Aug 2008 11:37:09
0
HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHHAHA!

Wow, that sucks.

avatar
Country: GB
Comments: 48511
News Posts: 59786
Joined: 2008-06-21
 
Mon, 11 Aug 2008 14:10:51
0
WUT?

avatar
Country: US
Comments: 6470
News Posts: 413
Joined: 2008-06-21
 
Mon, 11 Aug 2008 14:24:19
0
^A webhosting site sent an e-mail containing every username and password out to its members LOL

---

Tell me to get back to rewriting this site so it's not horrible on mobile
avatar
Country: UN
Comments: 17319
News Posts: 2811
Joined: 2008-06-21
 
Mon, 11 Aug 2008 16:41:11
0
Doh! LOL

The VG Press

Log in or Register for free to comment
Recently Spotted:
*crickets*
Login @ The VG Press
Username:
Password:
Remember me?