Password Security Fail on jobsites (UK)?
jibbajabba
Member Posts: 4,317 ■■■■■■■■□□
I just have a password reminder sent from two different job sites (cwjobs / totaljobs) and what concerned me a bit is that both 'random generated' passwords are identical.
It is obvious that these sites have the same back-end (same search engine etc.), but account details won't work across the sites so the database, at least not the user account details, seem to be shared, and yet, the resettled random password is identical.
Makes me wonder if that is the standard password they use for resets.
If that is the case then I also wonder into how many random accounts you can login using the same password.
Needless to say I will fire up an email to both asking for an explanation. But that is really rubbish.
Also going to try signing up with random details and see what password it is spitting out.
It is obvious that these sites have the same back-end (same search engine etc.), but account details won't work across the sites so the database, at least not the user account details, seem to be shared, and yet, the resettled random password is identical.
Makes me wonder if that is the standard password they use for resets.
If that is the case then I also wonder into how many random accounts you can login using the same password.
Needless to say I will fire up an email to both asking for an explanation. But that is really rubbish.
Also going to try signing up with random details and see what password it is spitting out.
My own knowledge base made public: http://open902.com