| Sandeep Singh Rawat ( @ 2006-05-09 23:18:00 |
Rediff.com sends the clear text password to the Server
I was just testing whether rediff.com still sends passwords in clear text. I found that out once in my college days while sniffing the college network. I thought that they might have patched it, so today, while playing around with gmail's
I thought to give Rediff.com a try.
And see what I found. This is the code from the home page of http://www.rediff.com
It should be very clear if you have ever read HTML. It just calls login.cgi and sends the user name and password in clear text (using the POST method).
Look at the Request object your browser is sending
So now anyone who can read your data has your password. It's not that hard to sniff the data. If you are on a LAN (using hubs), anyone can read your data. Beware if you are in a cyber cafe: your neighbour might be reading your emails or maybe sending emails to your GF/BF.