Y
Hacker News
new
|
ask
|
show
|
jobs
by
jiggawatts
1046 days ago
The request came from a team that regularly deploys plain-text HTTP anonymous (unauthenticated) APIs for setting user passwords via an injection-vulnerable query.
Don’t worry though, they “encrypt” the password.