Epic Security Fail

One of the websites I tried to use for a free PHP host was IsMyWebsite.  Well, I'm glad I did, because I got to be witness to one of the most ridiculous security failings ever.

Previously I already had to complain about their passwords being passed from page to page through GET headers, they've outdone themselves.  This morning I and every other IsMyWebsite user was sent an e-mail for forgotten passwords suggesting we choose just one of the accounts registered under our e-mail...which included every username and password for the site.

And in case you're wondering, the change password form doesn't work.

Posted by Ellyoda Mon, 11 Aug 2008 11:33:50 (comments: 4)
Foolz
 
Mon, 11 Aug 2008 11:37:09
HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHHAHA!

Wow, that sucks.
gamingeek
 
Mon, 11 Aug 2008 14:10:51
WUT?
Ellyoda
 
Mon, 11 Aug 2008 14:24:19
^A webhosting site sent an e-mail containing every username and password out to its members LOL
Ravenprose
 
Mon, 11 Aug 2008 16:41:11
Doh! LOL
Log in or Register for free to comment
Recently Spotted:
*crickets*
Login @ The VG Press
Username:
Password:
Remember me?