Serious hole in homepage security??

Posted:
in iPod + iTunes + AppleTV edited January 2014
I recently set up a 'secure' directory through homepage for use with some work files. What I noticed was this: from my work PC at least, if I go to the URL http://homepage.mac.com/robinc/extranet I get the password prompt as well I should.



However, if I add an extra slash, as in: http://homepage.mac.com/robinc//extranet the security password is bypassed, and the site is displayed.



I assume that this is not supposed to be the case? If so, it does not seem very secure...



Can anyone else please try this and verify that it is in fact the case.



Thanks!
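The thread never says what caused the bypass. As an added example (not part of the original post and not Apple's code), this sketch assumes the common cause of this class of bug: the password rule is matched against the raw request path, while the file lookup collapses the extra slash. The rule table, sample URLs and function names are hypothetical, and the canonical form also handles `.`/`..` segments and percent-escapes, which goes beyond the double-slash case reported here.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Assumption: one password-protected directory, taken from the URL in the post.
PROTECTED_PREFIXES = ("/robinc/extranet",)

# Constructed request URLs used to compare the two checks.
SAMPLE_URLS = [
    "http://homepage.mac.com/robinc/extranet",
    "http://homepage.mac.com/robinc//extranet",
    "http://homepage.mac.com/robinc/./extranet/",
    "http://homepage.mac.com/robinc/public",
    "http://homepage.mac.com/robinc/extranet/notes.html",
]


def _is_protected(path):
    """True if path is a protected directory or lies inside one."""
    return any(path == p or path.startswith(p + "/") for p in PROTECTED_PREFIXES)


def naive_requires_auth(url):
    """Weak form: match the raw request path against the protected prefixes."""
    return _is_protected(urlsplit(url).path)


def canonical_path(url):
    """Reduce the request path to the form the file lookup ends up using."""
    path = unquote(urlsplit(url).path)  # decode %xx escapes first
    segments = [s for s in path.split("/") if s]  # drop empty segments ("//")
    return posixpath.normpath("/" + "/".join(segments))  # resolve "." and ".."


def hardened_requires_auth(url):
    """Corrected form: decide on the canonical path, not the raw one."""
    return _is_protected(canonical_path(url))


def find_bypasses(urls):
    """URLs that reach protected content but slip past the naive check."""
    return [u for u in urls
            if hardened_requires_auth(u) and not naive_requires_auth(u)]


if __name__ == "__main__":
    for url in find_bypasses(SAMPLE_URLS):
        print("naive check would serve this without a password:", url)
```

Running `find_bypasses` over a list of alternate spellings of each protected path works as a regression check after an access rule is changed.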




Comments

  • Reply 1 of 12
    kickaha Posts: 8,760 member
    Woah, yeah.
  • Reply 2 of 12
    bauman Posts: 1,248 member
    Yikes. They better get on that one quick.



    In the meantime, you may want to remove your .mac name from the above posts, so that more folks don't get in.
  • Reply 3 of 12
    Email Apple right now.
  • Reply 4 of 12
    I am glad that it is not just me.



    There is nothing private on there yet (no content), but I changed the content just in case.



    I e-mailed it to Apple, but am glad too that the word is out in case anyone really had something private on their site...



    R.



  • Reply 5 of 12
    where's that damn :eek: smiley when you need it
  • Reply 6 of 12
    torifile Posts: 4,024 member
    Wow. Good find.
  • Reply 7 of 12
    gabid Posts: 477 member
    I like the new "info" you've posted on your "private" site



    Seriously though, I'm very glad you brought this to everyone's attention. I'm on the verge of getting .Mac myself and this is a very good thing to know. Let's hope that Apple takes care of this sooner than later!



    Actually, for anyone who is currently a .Mac member, is there any prior mention of this on the members-only support boards?
  • Reply 8 of 12
    barto Posts: 2,246 member
    Ouch, I'm glad I don't keep anything private on my homepage!



  • Reply 9 of 12
    I called Apple, and spoke to a guy in .mac support. His response was basically "oh my god, let me go and speak to..." and he was gone.



  • Reply 10 of 12
    gabid Posts: 477 member
    Quote:

    Originally posted by maninmac

    I called Apple, and spoke to a guy in .mac support. His response was basically "oh my god, let me go and speak to..." and he was gone.

    Nice to see that they fixed it. I thought I'd try your link to see if anything had changed, and I'm happy to see that it has, for the better! Always glad to see responsive customer service.
  • Reply 11 of 12
    You know, I did not even notice!



    That is quite impressive, it is indeed fixed...Go Apple!



  • Reply 12 of 12
    anders Posts: 6,523 member
    Quote:

    Originally posted by maninmac

    You know, I did not even notice!



    That is quite impressive, it is indeed fixed...Go Apple!

    I hope there is a G5 at your doorstep tomorrow.