  flyingdeath | Sandeep Singh Rawat | gbpec | GBPEC official site | Sandeep Singh Rawat (Blog) |

Rediff.com sends the clear text password to the Server - Slowly dying

May. 9th, 2006 11:18 pm

I was just testing if rediff.com still sends the passwords in clear text. I found that out once in my college days while sniffing the college network. I thought that they might have patched it, so today while playing around with gmail's

I thought to give Rediff.com a try.
And see what I found. This is the code from the home page of http://www.rediff.com




It should be very clear if you have ever read HTML. It just calls login.cgi and sends the user name and password in clear text (using the POST method).

Look at the Request object your browser is sending


So now anyone who can read your data has your password. It's not that hard to sniff the data. If you are on a LAN (using hubs), anyone can read your data. Be aware if you are in a cyber cafe: your neighbour might be reading your emails, or maybe sending emails to your GF/BF.
