Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×
Security

Submission + - University password website wide open for 3 years (diamondbackonline.com) 1

An anonymous reader writes: The University of Maryland's student newspaper reported today that the school's password change website allowed malicious users to change the password of any university student or faculty/staff member until this weekend. The website requires users to answer "security questions" and enter their social security number and birth date, but the system didn't actually check those values, so an attacker could have changed passwords to get access to any password-protected university service. The website has been operational for three years, but the school's IT department says no one has exploited this vulnerability.

Slashdot Top Deals

Remember: use logout to logout.

Working...