12306 then exposed vulnerabilities user passwords and other sensitive data leakage

 

Sina

technology news December 25th noon news, today morning, vulnerability reporting platform cloud network appeared on a Chinese railway ticket website 12306 reported vulnerabilities harm level display as "high", "vulnerability type is a large number of user data leakage".

it is understood that this is about 12306 of the vulnerabilities reported hazard registration display as "high", the type of vulnerability is "a large number of user data leakage, this means that this vulnerability will likely lead to all 12306 registered users account, password, identity card, express mail and other sensitive information leakage, and leakage way don’t know yet.

is currently the vulnerability has been submitted to the national Internet Emergency Center for treatment, no further news.

in this regard, China Railway Customer Service Center responded that, after careful verification of my site, this leaked information contains all the user’s plaintext password. All of my website database password is a number of non encrypted plaintext conversion code, the user information leaked online department or other channels through the outflow. Currently, the public security organs have been involved in the investigation.

China Railway Customer Service Center also reminded, do not use third party software to grab tickets, or commission the purchase of the third party website. (Xue Die)

below for China Railway Customer Service Center to respond to the full text:

[remind passengers on the use of the official website of 12306 tickets announcement]

appeared on the Internet, 12306 site user information crazy pass on the Internet, the report, after careful verification of my site, this leaked information contains all the user’s plaintext password. All of my website database password is a number of non encrypted plaintext conversion code, the user information leaked online department or other channels through the outflow. Currently, the public security organs have been involved in the investigation.

I site solemnly remind the passengers, to ensure the information security of the majority of users, please you through the official website of 12306 tickets, do not use third party software to grab votes ticket, or the third party ticket, to prevent leakage of personal information of your identity.

at the same time, I remind the majority of visitors to the site, part of the third party web site to grab tickets artifact, there are bundled sales insurance function, please note that the majority of visitors.