All fields marked with an “*” are required fields, aren’t they?
- the internet s premier driver updating serviceguide
- simplify media stuck updating
- Adull dating sites xxx sex poths
- Egyptian free reg sex cams
- Chatav slave
- Topy cam sex
- Interricial adult sex websex chat free
Here’s the current email address “[email protected]”.
Let’s go back to the account recovery form and fill in a fake email address “[email protected]”. it turns out some of those fields aren’t required at all. Myspace only validates name, username and date of birth.
I first stumbled on this vulnerability whilst trying to close my account.
Myspace were kind enough to implement an account recovery feature, which looks like this: I completed the account recovery form assuming that the request would be forwarded to a human who would verify my identity before assisting me in recovering my account.
In April this year whilst roaming the plains of the wild world web, I stumbled across an old Myspace account of mine.
Attempting to gain access and delete the account I discovered a business process so flawed it deserves its own place in history.Myspace then forwards you to a reset password page and kindly reminds you to update any other information associated with your account. Notice the “*” indicating the minimum required information to recover your account.This is listed next to name, username, current email address, email address on account and date of birth.During my preparation for this article, I realised that the vulnerability is even worse than I had first thought.This vulnerability allows anyone access to any Myspace account, with only three pieces of information.After that, select account settings: You’ll find the delete account option below: So how seriously does Myspace take security? I sent an email to Myspace in April documenting this vulnerability and received nothing more than an automated response.