Citicard and Stupidity…

So the other day I got the itch to finally correct some ancient passwords of mine to secure single use passwords. Citicard was among those needing to be updated. I go and set the new password (20 alphanumeric chars) and the page kicks back at me stating my password doesn’t meet the requirements! Needless to say I tried many variants and insuring my password chosen does in fact meet the guidelines before I go digging in the page source javascript. Low and behold I find this in a return value:

passwordPatternValidation(myForm.currentPassword) &&
passwordPatternValidation(myForm.password));

They are CHECKING THE OLD PASSWORD AND THE NEW ONE! So I could do a few things here, I could try to jailbreak the javascript prison since that’s run on the user side, or I could take the time to try and inform them of their error. As should be guessed by now I tried to do the right thing and inform them and get the issue fixed and the solution to them was to delete my entire profile and have me re-register! Shame.

This entry was written by Shadowmite , posted on Friday February 08 2013at 08:02 am , filed under News and tagged , , , , . Bookmark the permalink . Post a comment below or leave a trackback: Trackback URL.

Comments are closed.