Create an Account
username: password:
 
  MemeStreams Logo

MemeStreams Discussion
search
Home Agent Weblogs Social Network Post Help About


This page contains all of the posts and discussion on MemeStreams referencing the following web page: Wired News: Apple Squashes E-Store ID Bug. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

Wired News: Apple Squashes E-Store ID Bug
by Dementia at 2:32 pm EDT, May 5, 2003

] Null said he discovered the vulnerability at Apple.com
] using the "view source" option in his Web browser while
] visiting a section of the online store designed to help
] people who have forgotten their passwords.
]
] After submitting his e-mail address, as requested by the
] system, Null said he noticed that Apple was hiding a
] string of letters and numbers in the source code to one
] of the pages designed to confirm users' identities.
]
] By cutting and pasting that "hash" into a separate page
] for specifying the new password, Null was able to change
] his password without answering the secret question used
] to authenticate him.

Well, at least Apple didn't want to arrest the guy.

Link - Reply

  
 
Powered By Industrial Memetics