Message-ID: <ELEOLHOJFMBPBFCJHOCIKEGGEGAA.aditya.deshmukh@online.gateway.technolabs.net>
From: aditya.deshmukh at online.gateway.technolabs.net (Aditya, ALD [Aditya Lalit Deshmukh])
Subject: Password in the Activations Email

> Is this necessarily worthy of a post to FD?

shit i managed to screw over nicely, now it will start another flame war. i did not want to send it to FD if ever i wanted to send it i would have sent it to security-basics!
 
> I have never used that site, but I would only consider it evil if:
> 
> 	1) I gave it a password at signup
> 	and
> 	2) It emailed that password back to me

This is what exactly happened i was asked a passwd at signup and the site mailed the passwd back with all the other detailed info that was entered for signing up the account 

> If one of those is the case, then it's terrible, but I still don't
> believe it's worthy of a CC to full-disclosure.

me too some how i think that the fd posing address was in clipboard and because of unsing all the keyb shortcuts the mail was send in a jiffy! sorry
 
> However I think if it sends a temporary password out, and it asks you to
> change it, then that is fine in my books; it's akin to sending out an
> activation "code" that one must enter to activate an account.


no they do not out a temp passwd only a activation url and when activated they send you a email with all the details and passwdord 

-sorry for wasting the lists time, this is really security-basics@...urityfocus.com stuff 
forget it, dont bother to reply to this post and kill off this thread 



-aditya


________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)

Powered by blists - more mailing lists