• kbin_space_program
    link
    fedilink
    125 months ago

    For a very long time, Salesforce sent login username and password through plain text in URL parameters.

    To the point you could bookmark that URL and skip the login screen. You’d still have to contend with other login security(2FA and/or IP restrictions) but it was a gaping security hole they fixed relatively recently.