Twitter’s security design created a problem by allowing user passwords to be relayed in plain text when entered on the page of a specific tweet. This was reported by an avid user named Zohar Alon together with the CEO of cloud security company Dome 9, and Twitter’s security team has since resolved it.
Although the main Twitter page uses SSL so that credentials are not revealed in plain text, the tweet detail pages have a drop-down sign-in menu that does not use HTTPS. Anybody who logged in through it before the flaw was fixed sent their password to Twitter’s servers in plain, readily interceptable text.
To reproduce the problem, log out of Twitter, follow a link that takes you directly to a tweet’s detail page, and sign in using the drop-down sheet. This may not be the most common way of logging in for the majority of users, but some still use it. By doing this, you are actually sending hundreds of copies of your password in plain text.
The drop-down menu is not covered by HTTPS. The risk of password exposure is far too large, and it is certainly not the level of confidentiality and safety that a popular site, which can serve as a gateway to your personal data, must provide.
For comparison, this is how the traffic should appear when logging in on the main Twitter page, which is properly protected:
Gibberish is exactly what you want to see. To be perfectly clear, the security on Twitter’s main page is set up correctly; it was specifically the login sheet on the tweet detail pages that failed to use HTTPS.
A Twitter representative confirmed that their security team had looked into the weakness and resolved it.
Users are hopeful that the problem has finally come to an end and that no other security threats will come up soon.
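The flaw described above is a login form that submits a password over plain HTTP while the rest of the site uses HTTPS. The following is an added example, not code from the article or from Twitter: a small audit that parses a page's HTML, resolves each form's `action` against the page URL (a relative action inherits the page's scheme, which is exactly how a sign-in sheet on an `http://` detail page ends up posting in the clear) and reports any form containing a password field whose resolved action is not `https`. The page URLs, form actions and HTML snippets are constructed for illustration and do not reproduce Twitter's real markup.

```python
"""Audit an HTML page for login forms that would submit a password over plain HTTP.

Added example, not code from the original article. The page URLs, form
actions and HTML snippets below are constructed for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormAuditor(HTMLParser):
    """Collect every <form> on a page with its resolved action URL and
    whether the form contains a password field."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []        # one dict per <form> seen
        self._current = None   # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = {name.lower(): (value or "") for name, value in attrs}
        if tag == "form":
            # A missing or empty action submits back to the page itself, and a
            # relative action inherits the page's scheme, so resolve against
            # the page URL before judging it.
            self._current = {
                "action": urljoin(self.page_url, attrs.get("action", "")),
                "has_password": False,
            }
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if attrs.get("type", "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def insecure_login_forms(page_url, html):
    """Return the resolved action URLs of password-carrying forms on the page
    that would not submit over https."""
    auditor = FormAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return [
        form["action"]
        for form in auditor.forms
        if form["has_password"]
        and urlsplit(form["action"]).scheme.lower() != "https"
    ]


# Constructed sample: the main page serves its login form over HTTPS.
MAIN_PAGE_URL = "https://example.invalid/"
MAIN_PAGE_HTML = """
<form action="https://example.invalid/sessions" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
</form>
"""

# Constructed sample: a tweet detail page served over plain HTTP whose
# drop-down sign-in sheet posts to a relative action, so it inherits http.
DETAIL_PAGE_URL = "http://example.invalid/status/12345"
DETAIL_PAGE_HTML = """
<form id="signin-dropdown" action="/sessions" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
</form>
<form action="/search" method="get">
  <input type="text" name="q">
</form>
"""

if __name__ == "__main__":
    for url, html in ((MAIN_PAGE_URL, MAIN_PAGE_HTML), (DETAIL_PAGE_URL, DETAIL_PAGE_HTML)):
        bad = insecure_login_forms(url, html)
        print(url, "->", "OK" if not bad else f"INSECURE login form(s): {bad}")
```

The search form on the detail page is ignored because it carries no password field; the sign-in sheet is flagged because `/sessions` resolves to `http://example.invalid/sessions`. Serving the same markup from an `https://` page would make the relative action resolve to `https` and pass the check, which is why the audit has to be run against the URL the page is actually served from rather than against the HTML alone.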