-
August 18th, 2009, 08:27 PM
#1
tagged.com emails auto-login
I just signed up for tagged.com because I heard about something strange...
Apparently - they send email notifications with tokens in the URL that authenticate you automatically to their site after clicking...
I was wondering what kind of vulnerabilities would exist with this... For instance if my email account is ever used by anyone else again, they would receive these emails that let them into my account.
At the same time though, password reset emails would get them in all the same.
Does anyone else see this as a problem? It seems fishy...
-
August 18th, 2009, 09:45 PM
#2
Originally Posted by d34dl0k1
> I just signed up for tagged.com because I heard about something strange...

Just a word to the wise, tagged doesn't have the best of reputations. Quite a lot of profiles are fake.

> Apparently - they send email notifications with tokens in the URL that authenticate you automatically to their site after clicking...

That's correct. They're not the only social network site that does this btw.

> I was wondering what kind of vulnerabilities would exist with this... For instance if my email account is ever used by anyone else again, they would receive these emails that let them into my account.

Correct. You also need to be careful when forwarding said emails. It will contain a link anyone can use to log in on your account.

> Does anyone else see this as a problem? It seems fishy...

As I said, I've seen more sites do the exact same thing. Just be careful where you leave those emails.
Oliver's Law:
Experience is something you don't get until just after you need it.
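
The risk raised in the two posts above (a notification link that logs in whoever clicks it, including the recipient of a forwarded email) is commonly reduced by making the emailed token single-use and short-lived. The sketch below is an added example, not part of the thread and not tagged.com's code; the class name, the 15-minute lifetime and the in-memory store are assumptions for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60  # assumed lifetime in seconds; not taken from any real site


class LoginLinkStore:
    """Hypothetical server-side store for emailed auto-login tokens."""

    def __init__(self):
        # Only the SHA-256 of each token is kept, so a leaked copy of the
        # store does not yield working links.
        self._tokens = {}  # digest -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, now=None):
        """Create the random token that goes into the emailed URL."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = (user_id, now + TOKEN_TTL)
        return token

    def redeem(self, token, now=None):
        """Return the user id on first valid use, otherwise None."""
        now = time.time() if now is None else now
        # pop() makes the token single-use: any presentation consumes it.
        entry = self._tokens.pop(self._digest(token), None)
        if entry is None:
            return None  # unknown or already used (e.g. a forwarded copy)
        user_id, expires_at = entry
        if now > expires_at:
            return None  # old email found in a mailbox later
        return user_id


def demo():
    """Constructed scenario: owner clicks, forwarded copy, stale email."""
    store = LoginLinkStore()
    fresh = store.issue("alice", now=1000)
    owner = store.redeem(fresh, now=1060)        # owner clicks first
    forwarded = store.redeem(fresh, now=1120)    # same link, second click
    stale = store.issue("alice", now=1000)
    late = store.redeem(stale, now=1000 + TOKEN_TTL + 1)
    return owner, forwarded, late


if __name__ == "__main__":
    print(demo())
```

This does not help if the email is forwarded before the owner clicks, which is why sites that use such links often also ask for the password again before sensitive actions.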
-
August 19th, 2009, 11:42 AM
#3
Last edited by nihil; August 19th, 2009 at 11:46 AM.
-
August 19th, 2009, 12:40 PM
#4
-
August 19th, 2009, 02:35 PM
#5
One plaintiff is an 11-year-old boy who joined Facebook and then posted that he had swine flu and uploaded pictures or video of "partially-clothed" children swimming, according to the lawsuit.
Did people not catch the slight references to memes in that paragraph?
Edit: How much do you want to bet that the pool is closed due to swine flu?
Last edited by The-Spec; August 19th, 2009 at 06:13 PM.
-
August 23rd, 2009, 04:15 AM
#6
-
August 23rd, 2009, 05:30 AM
#7
Hello Patrick,
My gosh, they were "partially clothed"
ah! but it doesn't say which part?
Obviously the 11-year old's suit was written by his parents
Who I would now have reported to the Social Welfare..........the parents let him run feral on the interwebz?
56 days in Colchester Military Corrective Training Centre............he will come out as something useful for Iraq/Afghanistan, or a vegetable