Pages Menu
TwitterRssFacebook
Categories Menu

Posted by on Jul 17, 2013 in Software |

Tumblr sent in plain text passwords in iOS app

Tumblr sent in plain text passwords in iOS app

During the night of 16 to 17 July at have been very busy and nervous, because nothing else see that his application for iPhone and iPad was updated and the App Store, Tumblr has issued an urgent notice asking all users this … Posted social network? they actualizasen ASAP application, and change the password of Tumblr and any other service that uses the same password.

Although the note in his own Tumblr blog was not any information that has problem this application, confirm that The Register has been one of the most stupid security problems possible: Tumblr sent in plaintext, unencrypted .

This is the less, reportable. Tumblr, service recently acquired by Yahoo! , is focused on providing a single platform to publish all content under a social layer in which anyone can follow other Tumblelogs and “rebloguear” content. Its application for iPad and iPhone have been widely acclaimed for its design, including proposals as an example by Apple advertising campaigns, but it seems that security has been one of the strengths to improve on Tumblr.

The person who discovered the security breach did see it because it was investigating the security of certain apps to see if you can use a business level. To his surprise, he found that with an application as easy to use to scan the network traffic as Wireshark , the password is sent in plain text, unencrypted.

Tumblr sent in plain text passwords in iOS app image 2

Wireshark Capture and user password Tumblr

For Tumblr was advised of this decision updated the application that is already available in the App Store, but it certainly leaves a very serious question of security in Tumblr, a service used by millions of people and is now a subsidiary of Yahoo.

Although highly unlikely, that your password was stolen on Tumblr for you should be connected to a Wi-Fi network where someone should be scanning the net for information.

Links:
Important security update for iPhone / iPad users (Tumblr Staff)
D’OH! Use Tumblr on iPhone or iPad, give your password to the WORLD (The Register)

Tags: , , , , , , , ,