I’d like to remind everyone that OsmAnd is an open app, with both mobile and webside code available on GitHub. The author would be grateful if anybody here updated the php code to use OAuth instead of login and password:
https://github.com/osmandapp/osmandapp.github.io/tree/master/website <https://github.com/osmandapp/osmandapp.github.io/tree/master/website> Ilya > 12 янв. 2018 г., в 16:15, Darafei Komяpa Praliaskouski <m...@komzpa.net> > написал(а): > > Hi, > > https://osmand.net/osm_live <https://osmand.net/osm_live> requests user's OSM > password and e-mail in exchange of promise of bitcoin payment. > > There is no way to check that the password is not being collected, with or > without knowledge of service authors. At least 1100 accounts may be affected. > > Simplest attack vector may be "if password matches on google drive of this > e-mail and there's a backup of wallet there and password matches there too, > get all the money from there". > > What can be done on osm.org <http://osm.org/> side to mitigate it? > Can password reset be forced for affected users, and for those who keep > coming to that form? > _______________________________________________ > dev mailing list > dev@openstreetmap.org > https://lists.openstreetmap.org/listinfo/dev
_______________________________________________ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev
