|
|
|
|
|
|
by Hacktivist
5000 days ago
|
|
|
My university had similarly bad security practices. Although not accessible as plain text, the social security number was used when you wanted to change personal information. For example to reset your university email account you needed the last three digits of the ssn and your date of birth. In my case, the school somehow never got my ssn so my ssn in this case was just "0". So theoretically if anyone wanted to change my password they just needed to use "yyyymmdd0" to access it. |
|
|