Shop.charliesoap.com sending unencypted passwords to browsers

1 points by visualcsharp ↗ HN
Yep. I just noticed this as I logged in to update my email address. I saw that the password field was actually populated with something so I checked the markup. Sure enough, there was my [fortunately unique and randomly-generated] password in plain text. That means whoever coded their shopping Web site is most likely storing passwords in plain text in a database. I've sent them two messages about this.

0 comments

[ 3.5 ms ] story [ 7.1 ms ] thread

No comments yet.