Thursday, May 2, 2013

Insecure passwords

I was in the middle of a "Penetration Testing" exercise and came across an application that sends the users' credentials in cleartext. I was surprised, as I rarely encounter this scenario.
This got me thinking: do popular apps such as "Facebook" and "Gmail" send our credentials in cleartext too? I fired up "Paros", and the rest, as they say, is history.