Hall of Fame

Real Vulnerabilities Found by Students

Chris Marshall

Doctor's Android app -- plaintext credential transmission

Rajiv Malkan

Conference schedule Android app -- plaintext credential transmission
Jeweler's Android app -- plaintext credential transmission
Community college sending SSNs through broken SSL
Fundraising coupon book uses plaintext authentication
Rewards app with plaintext authentication
Attorney site with plaintext authentication

Scott Stephenson

Pizza retail app -- broken HTTPS
Emergency medical service in Texas -- broken HTTPS

Mequanint Moges

Construction company plaintext
Realtor HTTP + MD5

John Byers

An important community college app breaks HTTPS

Mehmet Kilinc & Rafat Elsharef

Arabic Medical App plaintext credential transmission
Mortgage company with broken HTTPS
Nigerian cellphone company with plaintext authentication
Major ticket sales site using plaintext authentication

Jim Evans

Major television channel watching app with plaintext password transmission
Dating app with plaintext password transmission
Major university broken HTTPS
Major TV sports watching app broken HTTPS
Internet Service Provider with broken HTTPS

Carolyn Lightfoot

Major news app plaintext authentication
Financial planner plaintext authentication
Self-publisher plaintext authentication

Sean Che

A whole product line of University reward apps that use plaintext authentication

Judy Ligocki

Major sports channel plaintext authentication

Example Vulnerability Report

Example Proof of Concept Page for Plaintext

Example Proof of Concept Page for Broken SSL

Last Updated: 7-29-15