Wednesday, May 12, 2010

Twitter and clear text passwords when changing settings

There are a few links around and I actually Tweeted about this last week, but figured I'd put it here since it is a bit more permanent.

If you change any settings in Twitter, it pushes the password in clear text. The initial login is secure, but changes to settings afterward re-prompt for the password, and this one is sent in the clear. Something to be aware of! (It also sounds like password changes made once logged on may be sent in the clear too; I didn't verify this one.)

I found out about it from the NetworkMiner list and verified the issue myself. I sent something on to Twitter through their help page, but haven't heard anything on it, nor do I know if they've updated it. Here are the original thread and another video demo:

http://www.hak5.org/forums/index.php?s=2e2403f573f4726eb99f84edad76c867&showtopic=16497
http://www.youtube.com/watch?v=177qSf1VcWg&feature=player_embedded#!
