Thursday 28 June 2012

Even More Teething Problems For Menshn

Following on from my previous post on Menshn Syn0nymph has yet again uncovered another security flaw in the website
Worryingly you can still use someone else's email address to get into Menshn. How? Register with a valid email/and receive a confirmation email which validates you own account. Open mail and click the link and you can then log in and use Menshn to your hearts content.

You can then, if you were of a mind to, edit your profile and change your email login and user name to anything you like. Logout and then login again and instead of being prompted to click on an email confirmation confirming your email change etc you will find you can continue to use Menshn as usual unprompted and without any validation. I just did this and I now have an account called //BobDiamond, using his email address to access Menshn!
So yet another reason to wait a while before you open your Menshn account.

You can contact the author on Twitter @brown_moses or by email at brownmoses@gmail.com

No comments:

Post a Comment