Reader mask.of.sanity writes: Users of popular audiophile torrent site What.CD can make themselves administrators to completely compromise the private music site and bypass its notorious download ratio limits thanks to the use of the mt_rand function for password resets, a researcher has found. From the report (edited and condensed):What.CD is the world’s most popular high quality music private torrent site that requires its users to pass an interview testing their knowledge of audio matters before they are granted an account. Users must maintain a high upload to download ratio to continue to download from the site. […] “I reported it a year ago, and they acknowledged it but said ‘don’t worry about it,'” said New-Zealand-based independent security researcher who goes by the alias ss23.
Read more of this story at Slashdot.
Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/XY2g-Q_kU0Q/audiophile-torrent-site-whatcd-fully-pwnable-thanks-to-wrecked-rng