Netfix: ode to in-security in 2017

I was studying how the Netfix website works while developing a script to reset the password automatically, without the need to log in and follow the different links simulating a web navigation session. In the meantime I discovered that in 2017 there are still companies like them which let users register with a minimum password length of 4 characters, without any requirements regarding numbers, uppercase or special characters.

There isn’t a captcha to prevent multiple retries so: hello automatic scripts!

This may let hackers steal the passwords of hundreds or thousands of accounts with brute-force attacks, simply using email lists grabbed from the web.

1234 is still in the top 10 most common passwords, so Netfix, why help hackers guess them?
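A server-side counterpart to the two gaps described above (a 4-character minimum and unlimited retries), as an added example that is not from the original post or from the site's code. The minimum length of 12, the small common-password set and the limiter thresholds are assumed values.

```python
import time
from collections import defaultdict, deque

MIN_LENGTH = 12  # assumed policy value; the post only reports the observed minimum of 4
# Constructed sample; a real deployment would load a full breached-password list.
COMMON_PASSWORDS = {"1234", "123456", "password", "qwerty", "123456789012", "passwordpassword"}


def check_password(candidate, min_length=MIN_LENGTH):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(candidate) < min_length:
        problems.append("too_short")
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("common_password")
    return problems


class AttemptLimiter:
    """Sliding-window limit on failed attempts, keyed per account and per source."""

    def __init__(self, max_failures=5, window_seconds=900):
        self.max_failures = max_failures
        self.window = window_seconds
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures

    def _recent(self, key, now):
        q = self.failures[key]
        while q and now - q[0] >= self.window:
            q.popleft()  # drop failures that fell out of the window
        return len(q)

    def allowed(self, account, source, now=None):
        now = time.time() if now is None else now
        # Refuse when either the account or the source has hit the limit, so
        # one source trying many accounts is throttled as well as many
        # sources trying one account.
        return all(self._recent(k, now) < self.max_failures
                   for k in (("acct", account), ("src", source)))

    def record_failure(self, account, source, now=None):
        now = time.time() if now is None else now
        for key in (("acct", account), ("src", source)):
            self.failures[key].append(now)
```

Call `allowed()` before verifying a login or reset request and `record_failure()` after each failed one; the same counters can drive a captcha challenge instead of a hard refusal.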

 
