4 comments

[ 2.9 ms ] story [ 22.0 ms ] thread
Awesome job, they should have hired you
I applaud the work done on the research to find the vulnerabilities. But writing about it just to criticize the creators is a shitty reason to do it. I've never known software that's perfect from the start. I hope the author has contacted Colworx to help fix the problems.

The app has a needed function and should be supported rather than just criticized.

If they really put the real password in a public repository, then it's not a minor mistake. It's a huge error.

Perhaps the author could have contacted them to give them a few days before the announcement, so can they delete[1] the data from the repository, but it's nevertheless a huge error.

[1] You can't really delete anything from the internet, it's only a hide button. They can try to change the password in the server anyway.