Cleartext Offender



  • After making a large purchase at the Netgear Store (hey, the price was the same as I could get anywhere else), I wanted to check up on my order. Darn, forgot my password. Guess I'll have to reset it...

    Open up my email and...

    The best part is that there's no spot anywhere in the account interface to make sure they aren't storing your credit card information or to remove the account. So it's down to (useless) emails to their support/privacy team and public name-and-shame. Thanks Netgear!



  • So if I get your email address I can have Netgear reset your password to LULZCLEARTEXT... interesting.


  • Trolleybus Mechanic

    @Anketam said:

    So if I get your email address I can have Netgear reset your password to *************... interesting.

    How did you get my password? =(



  • Just to make sure... your existing password was LULZCLEARTEXT. It's not a case of them sending you a new password over unencrypted mail?



  • Try a SQL injection attack in your password. If security is already that bad, it actually may be worse!



  • Yeah. I mean, it wasn't LULZCLEARTEXT when I initially asked for the password reset, obviously, it was my real password. But I changed the password to LULZCLEARTEXT so that I could make this screenshot, so that I didn't have to put up a redaction bar over that and then have to explain what was going on... to... someone... oh, never mind.



  • @Tim G said:

    Yeah. I mean, it wasn't LULZCLEARTEXT when I initially asked for the password reset, obviously, it was my real password. But I changed the password to LULZCLEARTEXT so that I could make this screenshot, so that I didn't have to put up a redaction bar over that and then have to explain what was going on... to... someone... oh, never mind.

    Thanks for explaining. I was thinking that they always reset it to a standard string, which I would have believed.

