This is not my area of expertise (to put it lightly).
I have a site I am using (non-IT professional) and it remembers me for x period after log in. When I then go back I don't need to log in again on Chrome. However, the site is set up so when I perform an action within that website (e.g. selling currency) I have to rekey the password to confirm the transaction.
In this scenario, it spits out the password in plain text into the actual site URL and the transaction fails. So it looks like the site doesn't "really" remember me (cookie problem?) but then obviously showing my "secure" password in the URL in plain text is a bit concerning. If I refresh the site and try again - it works fine, no password exposed and the transaction works.
I use this site for some financial activity and I reported it to them but they haven't fixed it. Is there a risk here (as I don't want to get my account hacked)? If so, I am going to close out my account.
from hacking: security in practice https://ift.tt/RNMrkAj