05 Oct Security Flaw Leaves Passwords, Admin Details of Online Radio Station Website Exposed
A security flaw on a popular New York-based online radio website was found to pose a significant security risk for the 50,000 radio stations hosted on it.
Roger Hågensen discovered that the API of SoniXCast could easily be exploited to reveal all the passwords hosted by the company. He reported the bug to the site’s owner Brian Walton last May, but received a surprisingly negative response in which he was threatened to be reported to Homeland Security if he continued to insist on the issue.
Troy Hunt of breach verification website Have I Been Pwned calls the SoniXCast’s owner’s response “disappointing”. At present, most of the vulnerabilities on the site still exist. .
Source: ZDNet
