The US president ordered a board to probe a massive Russian cyberattack. It never did. - eviltoast
  • kbin_space_program@kbin.run
    link
    fedilink
    arrow-up
    13
    arrow-down
    1
    ·
    4 months ago

    For a very long time, Salesforce sent login username and password through plain text in URL parameters.

    To the point you could bookmark that URL and skip the login screen. You’d still have to contend with other login security(2FA and/or IP restrictions) but it was a gaping security hole they fixed relatively recently.