From: aditya.deshmukh at online.gateway.technolabs.net (Aditya, ALD [Aditya Lalit Deshmukh])
Subject: Password in the Activations Email

> Is this necessarily worthy of a post to FD?

Shit, I managed to screw this over nicely; now it will start another flame war. I did not want to send it to FD. If I ever wanted to send it, I would have sent it to security-basics!
 
> I have never used that site, but I would only consider it evil if:
> 
> 	1) I gave it a password at signup
> 	and
> 	2) It emailed that password back to me

This is exactly what happened: I was asked for a passwd at signup, and the site mailed the passwd back with all the other detailed info that was entered for signing up the account.

> If one of those is the case, then it's terrible, but I still don't
> believe it's worthy of a CC to full-disclosure.

Me too. Somehow I think that the FD posting address was in the clipboard, and because of using all the keyboard shortcuts the mail was sent in a jiffy! Sorry.
 
> However I think if it sends a temporary password out, and it asks you to
> change it, then that is fine in my books; it's akin to sending out an
> activation "code" that one must enter to activate an account.


No, they do not send out a temp passwd, only an activation URL, and when activated they send you an email with all the details and password.

-Sorry for wasting the list's time, this is really security-basics@...urityfocus.com stuff.
Forget it, don't bother to reply to this post, and kill off this thread.



-aditya

