Website Sends the Actual Password to the Mobile Number: Is It a Severe Vulnerability or Not?


Hi there,


I was just looking at a website which provides a free SMS sending service. There are a lot of websites which provide this functionality in India.
So what is SMS?

SMS stands for Short Messaging Service. It uses standardized communication protocols to enable mobile phone devices to exchange short text messages.

There are lots of websites which you can use to send free SMS to a mobile phone. All you need to do is create an account on your desired website and you are ready.

I recently looked at one such website. I am not going to mention its name, so let's call it site.com.
On site.com you use your mobile number to create an account. They deliver a temporary password to the given number, and after logging in you have to change the password to one of your choice.

Now what happens if you forget your password? In that case you just enter your mobile number on their password reset page and they send you the password you were using on that website. It's pretty simple.
Did you notice anything that could create a risk or threat?
Some will have understood already, but for the others let me explain.


They are not using any hashing algorithm to hash the passwords.
If a password is hashed, it can't be converted back to the original text; you can only compare other hashes against it in order to guess the original word.

Now how did I identify that this website is not using any hashing algorithm?

As I mentioned earlier, once a text is converted into a hash it can't be converted back to the original word from which the hash was generated.
Since site.com sends the actual password to the mobile phone, this tells us that they are not using any hashing algorithm.
Password hashing is the most important security layer, and they are not using it. So how can you trust this website? Maybe they are also saving all the contacts you added and the messages you sent in their original form, giving hackers a chance to steal all of your information if they get access to that website's database.
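
What the hashed alternative looks like, as an added example that is not code from site.com or from the original post: the server stores only a salted one-way hash, so a "forgot password" request can only send a one-time reset token by SMS, never the old password. All names, the in-memory dictionaries, the PBKDF2 work factor and the token lifetime are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

USERS = {}         # mobile number -> (salt, derived hash); never the password itself
RESET_TOKENS = {}  # sha256(token) -> (mobile number, expiry timestamp)
ITERATIONS = 600_000   # example work factor for PBKDF2-HMAC-SHA256
TOKEN_TTL = 600        # assumed validity window for a reset token, in seconds

def _derive(password, salt):
    # One-way and salted: the stored output cannot be turned back into the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(mobile, password):
    salt = secrets.token_bytes(16)
    USERS[mobile] = (salt, _derive(password, salt))

def login(mobile, password):
    if mobile not in USERS:
        return False
    salt, stored = USERS[mobile]
    # Hash the candidate and compare hashes in constant time.
    return hmac.compare_digest(stored, _derive(password, salt))

def request_reset(mobile, now=None):
    """Return a one-time token to deliver by SMS; there is no password to send."""
    if mobile not in USERS:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(16)
    # Only a hash of the token is stored, so a database leak does not expose it.
    RESET_TOKENS[hashlib.sha256(token.encode()).digest()] = (mobile, now + TOKEN_TTL)
    return token

def complete_reset(token, new_password, now=None):
    now = time.time() if now is None else now
    entry = RESET_TOKENS.pop(hashlib.sha256(token.encode()).digest(), None)
    if entry is None or now > entry[1]:
        return False   # unknown, already used, or expired token
    register(entry[0], new_password)
    return True

if __name__ == "__main__":
    register("9990001111", "old-secret")   # constructed sample account
    t = request_reset("9990001111")
    print(complete_reset(t, "new-secret"), login("9990001111", "new-secret"))
```

A site built this way has nothing in its database that it could text back to you as your current password.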




So I suggest that you do not use sites which fail to provide the most common security layer to their users.

Now the decision is yours: do you want to let your private information become publicly available?
If not, then beware!

Have a Good Day 

Thanks

Jitendra K Singh (Team Computer Korner)  

Special thanks to Moto G