Pinterest, Yammer scramble to patch login thievery headaches

Pinterest has patched a vulnerability that meant its iPhone app leaked passwords to other surfers on the same network. An earlier version of the Pinterest iOS app fails to validate the server certificate, potentially allowing a suitably positioned attacker on the same network to steal login credentials related to the photo …

  1. Mark 85

    Users of Yammer iOS version 6.4.25.850 and Pinterest for iPhone v4.5 both need to upgrade to skirt potential login token-thieving problems.

    Well, if it doesn't upgrade itself, I'm believing that most of the affected users won't get the upgrade. Given what I've seen, they'll all be "too busy" or "I didn't hear that"....

    1. Brewster's Angle Grinder Silver badge

      "Updates are for nerds."

  2. John Brown (no body) Silver badge

    I hate Pinterest with a passion

    ...since image searches seem to throw up many, many results from the damned site and they recently decided that if you are not signed up they will slap a huge login popup over the page making it unusable for non-members. Of course, this just boosts their membership in the short term making their log-in credentials more desirable to hackers. I await their appearance in the major ID breach hall of shame. It's only a matter of time.

  3. Anonymous Coward

    Yammer are specialists in this kind of thing

    Having worked a little with the Yammer API I can safely say that there is very little that Yammer can do in terms of wide-screen ineptness that would surprise me.

    A recent update to limit XSS vulnerabilities in their JavaScript API meant you had to provide a list of safe domains that your Yammer app communicates with. Everyone's apps immediately stopped working because Yammer had omitted to add their own domain to the "allowed" list and nobody could interact with their scripts any more.
