Log in

Alumni Database - LSMSA United [entries|archive|friends|userinfo]
LSMSA United

[ website | LSMSA Website ]
[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

Alumni Database [Jan. 25th, 2008|08:57 am]
LSMSA United


A repost from facebook group if any one did not get it. New LSMSA webpage and alumnia database.

"Alumni Central
Your login I.D. is an eight digit number consisting of the last 4 digits of your social security number and the year of your graduation (i.e. 55551994). Your temporary password is �eagles�. You will be prompted to set a unique password after your first successful login. ...
Doorway to the Alumni Central database"

From: (Anonymous)
2008-01-26 12:44 am (UTC)

Plaintext passwords

I'd be careful with the password you choose. They store their passwords in plaintext (not md5 hash, encrypted). Also their site is susceptible SQL injection attacks. Just a word of caution, use a different password from any other you normally use.

- Mark McKelvy c/o 2004
(Reply) (Thread)
From: (Anonymous)
2008-01-31 03:41 am (UTC)

Re: Plaintext passwords

I also find it especially disconcerting that their login is based on your SSN. Why should the Alumni Association or Alumni Central have access to that information and what use could they have of it?

SQL-injection vulnerabilities,while embarrassing, are almost forgivable, but storing your passwords in plaintext is just inexcusable.

Phillip Alday
c/o 2004
(Reply) (Parent) (Thread)
From: (Anonymous)
2008-05-12 11:51 pm (UTC)

Re: Plaintext passwords

sheesh, thanks for the heads up!
(Reply) (Parent) (Thread)