Security Threat on Tatasky.com website

[popcorn]

It seems tatasky.com has forgotten to add the password field on the login page. You type any subscriber id /RMN and it will show you the details including your name balance left/expiry date/ due date and recommended recharge value & current pack you subscribed totatasky.com - what are you doing?

 

[good2man4u]

You only see subscriber ID, account balance and you can recharge, for rest all features you need to enter password.This is not security flaw or something.

 

[popcorn]

if you know sub id + name + subscribed plans+ balance+due date+balance left, and you call the customer care, they ask you some basic questions which you can answer with this set of information and they can take a request to change plan etc... so it can be a security risk

 

[good2man4u]

Try doing that for any account.This feature is available in airtel DTH for long time now.

 

[popcorn]

I remember my school days when once so called bright student made a mistake in a question in an exam and whole class got the answer wrong for the same mistake !!🙂

 

[netant]

matrix style password box 😀

 

---

[ashootosh]

I was browsing Tata Sky id with my user id and password and after few clicks I was shocked to see that I have subscribed to some udiya channels. Also I had more than usual balance in my account. After few clicks here and there I got another shock to see my name as "Mahesh" or something like that. I guess there website is really messed up now a days and there are some serious security flaws in it.!!