Announcement

Collapse
No announcement yet.

eSignal/quote.com username and password are visible when running the new LiveCharts

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • eSignal/quote.com username and password are visible when running the new LiveCharts

    The username and password are visible in cleartext when looking at the source code window while running the new LiveCharts. Simply right-click a few pixels inside the left window border and select "View Source". Only 22 lines of code will be displayed and your login and password can be seen towards the bottom. At least in the old version, the password was encrypted!

    Not only can you walk up to a LiveCharts user's screen and easily get their PAID account login but it is also passed, unencrypted, across the network.

  • #2
    Re: eSignal/quote.com username and password are visible when running the new LiveCharts

    Originally posted by mr-transistor
    The username and password are visible in cleartext when looking at the source code window while running the new LiveCharts. Simply right-click a few pixels inside the left window border and select "View Source". Only 22 lines of code will be displayed and your login and password can be seen towards the bottom. At least in the old version, the password was encrypted!

    Not only can you walk up to a LiveCharts user's screen and easily get their PAID account login but it is also passed, unencrypted, across the network.
    absolutely unbelievable!!! how can something like that ever happen???

    this new product is no way ready to go in production.

    they should first think hard and do everything to make the new one AT LEAST as good as the old one is - and at least until then keep the old version available.

    unbelievable...

    Comment


    • #3
      Thank you for raising this issue. Security is an important issue to us, and we try to catch these holes before they are released into production. Admittedly, we can't catch them all, but we do already have a fix for this coming. During this last week's testing, we confirmed that the fix does address this issue and closes this security hole.

      The version that is scheduled for next week's release (week of April 7th) will have both the source page fixed and the network delivery of UN/PSW information will also be in a highly encrypted format.
      Regards,
      Jay F.
      Product Manager
      _____________________________________
      Have a suggestion to improve our products?
      Click Support --> Request a Feature in eSignal 11

      Comment


      • #4
        This is a follow-up to my original posting confirming that the password no longer appears in cleartext when the source code of the page is viewed. The password field is now an encrypted string of digits.

        Comment

        Working...
        X