Y
Hacker News
new
|
ask
|
show
|
jobs
by
austinz
4478 days ago
Wait, just to be clear - so anyone who downloads this app can trivially retrieve the username and password for all 2000+ users of the app? Did I misunderstand the article?
1 comments
k1kingy
4478 days ago
Basically yes. As he did, he managed to get the API key by doing a TCP dump.
From there he was able to use the key to get the users and plaintext passwords. Very much wtf.
link
From there he was able to use the key to get the users and plaintext passwords. Very much wtf.