Robbery in amateurish-2 or how Mail.ru stores passwords
Good evening Habr! Today is Friday and I'm on the air again!
This topic will not be different originality, and in it I will again rub salt on the wounds of clients of free postal services. In the comments to my previous topic “ Robbery in an amateurish way or how Yandex stores passwords ” bar_boss indicated that Mail.ru is also not distinguished by concern for the protection of user credentials. I decided to check, and here's the result - the same vulnerability in all its glory. Mail.ru users, hello! Talking about the sluggishness of Mile's support service, unlike Yandex’s similar service, is possible for hours. We bet, how long the specified vulnerability will not be closed ...
UPD Saport Mail.ru still reads Habr, after a day, the vulnerability seems to have already been addressed.
UPD2 And RNZ allegedly found another case of sending passwords in clear text .
Everything is simple as in the children's room:
one.
')
2
3
four.
5. Look into the source code of the page, everything is in full view!
They did not even think of covering up the user's unprotected ass at least https , as is the case with Yandex. The latter, meanwhile, has already fixed everything.
Do free mailboxes still hope their data is secure? And how!
This topic will not be different originality, and in it I will again rub salt on the wounds of clients of free postal services. In the comments to my previous topic “ Robbery in an amateurish way or how Yandex stores passwords ” bar_boss indicated that Mail.ru is also not distinguished by concern for the protection of user credentials. I decided to check, and here's the result - the same vulnerability in all its glory. Mail.ru users, hello! Talking about the sluggishness of Mile's support service, unlike Yandex’s similar service, is possible for hours. We bet, how long the specified vulnerability will not be closed ...UPD Saport Mail.ru still reads Habr, after a day, the vulnerability seems to have already been addressed.
UPD2 And RNZ allegedly found another case of sending passwords in clear text .
Everything is simple as in the children's room:
one.
')
2
3
four.
5. Look into the source code of the page, everything is in full view!
They did not even think of covering up the user's unprotected ass at least https , as is the case with Yandex. The latter, meanwhile, has already fixed everything.
Do free mailboxes still hope their data is secure? And how!
Source: https://habr.com/ru/post/82504/
All Articles