Your Username Will Now Serve as Your Password and Your Password as Your Username

You might have read this on Hacker News/reddit, but still, this is too much of a WTF NOT to share.

Basically, if you try to log in to Caledonian Record (a St. Johnsbury, Vermont based media website which "recently put the site behind a pay wall and I can no longer catch up on hometown news"), you get an "announcement" of epic proportions:

RETURNING CUSTOMERS, PLEASE NOTE THE FOLLOWING SECURITY CHANGE: YOUR USERNAME WILL NOW SERVE AS YOUR PASSWORD AND YOUR PASSWORD WILL NOW SERVE AS YOUR USERNAME

*facepalm*.

“Icing” on the cake?

Not surprisingly, x' AND email IS NULL; -- works as the username with no password. Injection FTL.

It seems like any username that includes a semicolon at any point will authenticate.

Security change, indeed.
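An added example, not code from the post or from the site: the username string quoted above dropped into a hypothetical concatenated login query, next to a parameterized lookup that treats the same string as plain data. The table layout, function names and sample user are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

# The username string quoted in the post (ASCII quote, SQL "--" comment).
PAGE_INPUT = "x' AND email IS NULL; --"

def pw_hash(password, salt):
    # Salted, slow hash so the database never holds the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def unsafe_sql(username, password):
    # Anti-pattern (assumed, not the site's real code): input spliced into
    # the SQL text, so a quote in the input ends the string literal early.
    return ("SELECT 1 FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT,"
               " salt BLOB, pw_hash BLOB)")
    return db

def register(db, username, email, password):
    salt = os.urandom(16)
    # "?" placeholders: values travel separately from the SQL text.
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               (username, email, salt, pw_hash(password, salt)))

def login_safe(db, username, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False  # fail closed: unknown user
    salt, stored = row
    return hmac.compare_digest(stored, pw_hash(password, salt))

if __name__ == "__main__":
    db = make_db()
    register(db, "alice", "alice@example.test", "correct horse")  # constructed
    # Concatenated form: the password test ends up behind the "--" comment.
    print(unsafe_sql(PAGE_INPUT, ""))
    # Bound form: the same string is just a username that does not exist.
    print(login_safe(db, PAGE_INPUT, ""))
```

With binding, the string from the post can even be registered as a literal username, which shows the database is handling it as data, not as SQL.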

via Hacker News | Your Username Will Now Serve as Your Password and Your Password as Your Username.

4 Comments

  4. Truly, stumbled upon your blog via other topic. After quickly reading through some pages, I thought that this is quite interesting news site. I’ll likely visit more later on – and I’ve already added a bookmark. Is there a feed as well? Makes it easier to hear about any updates, really! Kisses from Finland.
