[<prev] [next>] [day] [month] [year] [list]
Message-ID: <ELEOLHOJFMBPBFCJHOCIKEGGEGAA.aditya.deshmukh@online.gateway.technolabs.net>
From: aditya.deshmukh at online.gateway.technolabs.net (Aditya, ALD [Aditya Lalit Deshmukh])
Subject: Password in the Activations Email
> Is this necessarily worthy of a post to FD?
shit i managed to screw over nicely, now it will start another flame war. i did not want to send it to FD if ever i wanted to send it i would have sent it to security-basics!
> I have never used that site, but I would only consider it evil if:
>
> 1) I gave it a password at signup
> and
> 2) It emailed that password back to me
This is what exactly happened i was asked a passwd at signup and the site mailed the passwd back with all the other detailed info that was entered for signing up the account
> If one of those is the case, then it's terrible, but I still don't
> believe it's worthy of a CC to full-disclosure.
me too some how i think that the fd posing address was in clipboard and because of unsing all the keyb shortcuts the mail was send in a jiffy! sorry
> However I think if it sends a temporary password out, and it asks you to
> change it, then that is fine in my books; it's akin to sending out an
> activation "code" that one must enter to activate an account.
no they do not out a temp passwd only a activation url and when activated they send you a email with all the details and passwdord
-sorry for wasting the lists time, this is really security-basics@...urityfocus.com stuff
forget it, dont bother to reply to this post and kill off this thread
-aditya
________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
Powered by blists - more mailing lists