Sunday, March 16, 2008

Basic web security flaw

I started receiving lots of email from a site called singlesnet because someone decided, or made a mistake, to sign up with my email address. The curious thing is that they do not confirm the address, so any random address used starts to receive notifications about other people who match or want to talk to you. This is annoying for the owner of the address used, and bad for the user who might have misspelled the address, because he/she will never use the service or will recreate his/her account.

The worst part, though, is that you can retrieve and do anything if you have access to the email address used. I can gain access to the account, and the account password is sent to me. And I am not even sure if the password is actually regenerated or something.

Can you believe that we still have sites with this level of security?
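The two gaps described above (no confirmation of the sign-up address, and the account password mailed out on recovery) are usually closed with a signed, expiring confirmation link and a single-use reset link. The sketch below is an added example, not the site's code; every name in it is hypothetical, and an in-memory dict stands in for the user database and mail delivery.

```python
import hashlib, hmac, secrets, time
SECRET = secrets.token_bytes(32)  # server-side signing key (assumed)
TTL = 3600                        # link lifetime in seconds (assumed)
accounts = {}  # email -> {"verified": bool, "pw": salt + PBKDF2 digest}

def _hash_pw(password):
    salt = secrets.token_bytes(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _sign(purpose, email, exp):  # stored hash in the MAC makes a reset link single-use
    msg = f"{purpose}|{email}|{exp}".encode() + accounts[email]["pw"]
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def make_token(purpose, email):
    exp = int(time.time()) + TTL
    return f"{purpose}|{email}|{exp}|{_sign(purpose, email, exp)}"

def check_token(token, purpose, now=None):
    try:
        p, email, exp, sig = token.split("|")
        exp = int(exp)
    except ValueError:
        return None
    ok = (p == purpose and email in accounts
          and hmac.compare_digest(sig.encode(), _sign(p, email, exp).encode()))
    return email if ok and (now or time.time()) <= exp else None

def is_verified(email):  # gate for notifications and reset mail alike
    return accounts.get(email, {}).get("verified", False)

def sign_up(email, password):
    if is_verified(email):
        return None  # never overwrite a confirmed account
    accounts[email] = {"verified": False, "pw": _hash_pw(password)}
    return make_token("confirm", email)  # mailed to the address as a link

def confirm(token):
    email = check_token(token, "confirm")
    if email is not None:
        accounts[email]["verified"] = True
    return email is not None

def request_reset(email):  # mails a link, never the password
    return make_token("reset", email) if is_verified(email) else None

def reset_password(token, new_password):
    email = check_token(token, "reset")
    if email is not None:
        accounts[email]["pw"] = _hash_pw(new_password)
    return email is not None
```

Until `confirm()` succeeds, `is_verified()` stays false, so an address typed in by someone else receives the one confirmation mail and nothing more.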
