P
P
Pavel2015-02-19 17:06:59
Email
Pavel, 2015-02-19 17:06:59

Is it a vulnerability that a certain service does not hide the email addresses of its users well?

There is some service where you can post your comments. When posting, be sure to include your email address and your first and last name. The commentary is publicly available. First and last name are displayed. Email is not displayed, but if you search well, you can find it :).
My personal opinion is that emails should not be available. Some emails are logins for authorization on this service. Plus, you can collect a targeted spam database (email + first name + last name + something else).
Does it make sense to publish an article on Habré on the topic of this vulnerability, how it was discovered and what needs to be done in order not to step on this rake? Naturally, the article is published after the hole is closed.

Answer the question

In order to leave comments, you need to log in

3 answer(s)
A
Armenian Radio, 2015-02-19
@TheSteelRat

The best way to find out if a post makes sense is to make it. If after that the publication received a positive rating, and the author did not end up in ReadOnly, it makes sense.

V
Vladimir Martyanov, 2015-02-19
@vilgeforce

If the jamb on the site is non-trivial - you can tell, IMHO.

U
Uncle Seryozha, 2015-06-23
@Protos

Here, when registering or in the settings, the user must choose whether or not to show his mailbox, this is his choice. If there is such a choice, and there is his soap in the traffic, then of course this is wrong. habrahabr.ru/post/257951

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question