] Null said he discovered the vulnerability at Apple.com
] using the "view source" option in his Web browser while
] visiting a section of the online store designed to help
] people who have forgotten their passwords.
]
] After submitting his e-mail address, as requested by the
] system, Null said he noticed that Apple was hiding a
] string of letters and numbers in the source code to one
] of the pages designed to confirm users' identities.
]
] By cutting and pasting that "hash" into a separate page
] for specifying the new password, Null was able to change
] his password without answering the secret question used
] to authenticate him.

Well, at least Apple didn't want to arrest the guy.

Wired News: Apple Squashes E-Store ID Bug
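
The flaw in the quoted report is that the page gave the browser the value that authorizes the password change before the secret question had been answered. Below is an added sketch (not Apple's code and not from the article) of a reset flow that keeps the "question answered" state on the server. The class, field names, TTL and sample account are hypothetical.

```python
import hashlib, hmac, secrets, time

def kdf(secret: str, salt: bytes) -> bytes:
    # Slow hash so stored answers and passwords are never kept in the clear.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class ResetFlow:
    """Hypothetical server-side reset state; the browser only holds an opaque id."""
    TTL = 600  # seconds a reset attempt stays valid (assumed value)

    def __init__(self, users):
        self.users = users    # email -> {"salt", "answer_hash", "password_hash"}
        self.pending = {}     # reset id -> {"email", "verified", "expires"}

    def start(self, email, now=None):
        now = time.time() if now is None else now
        rid = secrets.token_urlsafe(32)  # random, carries no account secret
        # Recorded even for unknown addresses so the reply looks the same either way.
        self.pending[rid] = {"email": email, "verified": False, "expires": now + self.TTL}
        return rid

    def answer(self, rid, answer, now=None):
        now = time.time() if now is None else now
        state = self.pending.get(rid)
        user = self.users.get(state["email"]) if state else None
        if not state or not user or now > state["expires"]:
            return False
        given = kdf(answer.strip().lower(), user["salt"])
        if hmac.compare_digest(given, user["answer_hash"]):
            state["verified"] = True  # the flag lives on the server, not in the page
        return state["verified"]

    def set_password(self, rid, new_password, now=None):
        now = time.time() if now is None else now
        state = self.pending.pop(rid, None)  # single use, even on failure
        if not state or not state["verified"] or now > state["expires"]:
            return False
        user = self.users[state["email"]]
        user["password_hash"] = kdf(new_password, user["salt"])
        return True

if __name__ == "__main__":  # constructed sample account, not real data
    s = b"constructed-salt"
    acct = {"salt": s, "answer_hash": kdf("rex", s), "password_hash": kdf("old", s)}
    flow = ResetFlow({"user@example.com": acct})
    rid = flow.start("user@example.com")
    print("new password without answering:", flow.set_password(rid, "new"))
    rid = flow.start("user@example.com")
    print("answered:", flow.answer(rid, "Rex"), "reset:", flow.set_password(rid, "new"))
```

The id sent to the browser is random and proves nothing by itself; the new-password step succeeds only when the server's own record for that id says the question was answered.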