Megafon - do you have this vulnerability?

V

vsespb2015-08-13 14:37:49

Megaphone

vsespb, 2015-08-13 14:37:49

I go from my mobile to
https://szfsg.megafon.ru/ps/scc/mobile/
Immediately I get the opportunity to enter my ServiceGuide without a password. At the same time, the corresponding checkbox is in the settings and is in the "forbidden" position, while I never touched it.
It looks like a hole. I reported to tech support but got no results.
Q: Does everyone have this?
UPD: published an article on Habré about this habrahabr.ru/post/264849

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

R

Ripich, 2015-08-16
@Ripich

Moreover, through the Internet rummaged through the iPad, he managed, working from a laptop, to get a paid subscription without any notifications. Found out only a day later.

H

hobbyte, 2015-08-13
@hobbyte

There is a ban.
When opening, it asks: "log in under your number or under another" + checkbox: "remember for 7 days".

D

Dima, 2015-08-13
@CrazyFail

You may be using "mobile internet", so access to the service guide is possible without a password

R

RadialAdmin, 2015-08-17
@RadialAdmin

Not quite in the topic, but suddenly someone reads. When connecting a dedicated IP to a megaphone, carefully read all the pages of the agreement, there is a zanykanny moment that your traffic will be charged without taking into account options, i.e. at an exorbitant price.