101
Teosz
7y

So our public transportation company started to sell tickets online with their brand new fancy​ system.

• You can buy tickets and passes for the price you want
• Passwords are in plaintext
• Communication is through HTTP
• Login state are checked before the password match so you can basically view who is online
• Email password reminders security code can be read from servers response

Oh and I almost forgot admin credentials are FUCKING admin/admin

Who in the fucking name of all gods can commit such idiocracy with a system that would be used by almost millions of people. I hope you will burn in programming hell. Or even worse...

I'm glad I'm having a car and don't have to use that security black hole.

Comments
  • 9
    Free tickets inc

    Also bojler eladó
  • 11
    @xenonth
    Sadly, I think it's the opposite. They've got charged thousands of dollars and received that piece of garbage.
  • 0
    Country?
  • 1
    @dontbeevil @HnDev
    It's Hungary
  • 5
    But does it look good?
  • 3
    @epse
    I don't use it personally thank God, checked the intro page, looked good, but there's no way I am going to input anything on that site.

    BTW. Monthly operating costs approximately 83000$. WTF???
  • 5
    @Teosz report it to them and pitch them that you can do a better job than that

    maybe you can rebuild it, start your own company 😉
  • 0
    @Teosz you meant yearly $83k ?
  • 1
    Our town major paied 50.000 got a logotype design. So yeah
  • 0
    @some-one
    No. It's MONTHLY...

    @DarKneT
    It's in public beta and the vulnerabilities already hit the news. They've​ said the bugs will be patched to official release.
  • 0
    @Teosz wow! What infrastructure costs such money? And do they actually generate such much income to cover up those huge recurring costs?
  • 1
    Sounds like a new Dev company will be their feature request
  • 1
    @some-one That cost is not unlikely I guess. Our government ordered a tailored system to recover taxes, which was faulty from the very beginning, yet it made production. That resulted in nearly 18 billion dollars not being recovered. And the system itself cost around 150 million dollars
  • 0
    the cost is normal for railway companies. i guess the website was made by a relative of the director, i smell coruption. 😆
  • 1
Add Comment