13
dmoen
3y

A Swedish insurance company has two different solutions for logging in to their system.

1. An advanced high-security single sign-on solution involving Active Directory, verification of the network the request came from, etc. etc.

2. Using a link and passing your credentials in the query string!!! Like: insurancecompany.com?username=admin&password=password.

Solution 2 works with admin accounts from anywhere.

Comments
  • 3
    A system is only as strong as its strongest link. Uhhh right?
  • 5
    I am sure that solution 2 is only "temporary" 🙄
  • 0
    @ReverendLovejoy they'll replace it when it gets "discovered" by someone with bad intentions
  • 2
    @AlgoRythm > "they'll replace it when it gets "discovered" by someone with bad intentions"

    Or worse, you privately notify the Swedish company and they have the authorities arrest you for 'hacking' their site.

    Couldn't happen? It's happening now in Missouri. Gov. Parson is seeking criminal, yes criminal, charges for a reporter who found teachers' Social Security numbers embedded in the HTML (found by selecting F12) on a state government web site.