Sandeep Singh Rawat (sandeeprawat) wrote,

Rediff.com sends the clear text password to the Server

I was just testing if rediff.com still sends the passwords in clear text. I found that out once in my college days while sniffing the college network. I thought that they might have patched it so today while playing around with gmail's I thought to give Rediff.com a try.
And see what I found. This is the code from the home page of http://www.rediff.com




It must be very clear if you ever read HTML. It just calls the login.cgi and provides the User name and Password in clear text (using POST method).

Look at the Request object your browser is sending


So now anyone who can read your data has your password. It's not that hard to sniff the data. If you are on a LAN (using hubs), anyone can read your data. Beware if you are in a cyber cafe: your neighbour might be reading your emails or may be sending emails to your GF/BF.
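A way to check any page for the problem described above, as an added example that is not part of the original post: it parses a page's HTML and reports every form containing a password field whose submission target is not HTTPS. The `audit` helper, the `example.test` host names and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class PasswordFormAudit(HTMLParser):
    """Record every <form> that contains an <input type="password">."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (resolved action URL, method, sent in clear text?)
        self._form = None   # state of the form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = {"action": a.get("action") or "",
                          "method": (a.get("method") or "get").upper(),
                          "has_password": False}
        elif tag == "input" and self._form is not None:
            if (a.get("type") or "").lower() == "password":
                self._form["has_password"] = True

    def handle_endtag(self, tag):
        if tag != "form" or self._form is None:
            return
        if self._form["has_password"]:
            # A relative or empty action inherits the scheme of the page itself.
            target = urljoin(self.page_url, self._form["action"])
            clear = urlparse(target).scheme != "https"
            self.findings.append((target, self._form["method"], clear))
        self._form = None

def audit(page_url, html):
    parser = PasswordFormAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample markup, not the markup of the site discussed in the post.
SAMPLE = """
<form action="http://mail.example.test/cgi-bin/login.cgi" method="post">
  <input type="text" name="login"><input type="password" name="passwd">
</form>
<form action="https://mail.example.test/cgi-bin/login.cgi" method="post">
  <input type="text" name="login"><input type="password" name="passwd">
</form>
"""

if __name__ == "__main__":
    for target, method, clear in audit("http://www.example.test/", SAMPLE):
        print("CLEAR TEXT" if clear else "ok", method, target)
```

The check only covers where the credentials are submitted. A login page that is itself served over plain HTTP can still be altered in transit even when its form posts to HTTPS, so the page URL should be HTTPS as well.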