Absrtact: December 25 Noon News, this morning, the vulnerability report platform Cloud network appeared a about China railway ticketing website 12306 of the vulnerability report, the level of harm showed high, the type of vulnerability is a large number of user data leaks. It is understood that this is about 12306 of the leak
December 25 Noon News, this morning, the vulnerability report platform Cloud network appeared a report on China Railway ticketing website 12306 of the vulnerability, the threat level is shown as "high", the type of vulnerability is "a large number of user data leakage."
It is understood that this is about the 12306 Vulnerability report, Hazard registration appears as "High", the type of vulnerability is "a large number of user data leakage", which means that this vulnerability will likely lead to all registered 12306 users of the account, plaintext password, ID card, mailbox and other sensitive information leakage, and the way of leakage is not known.
User password ID and other sensitive data leaks
China Railway ticketing website 12,306 back should be screenshot
At present, the loophole has been submitted to the National Internet Emergency Center for processing, no further information.
In response, China Railway Customer Service Center responded that through my website serious verification, this disclosure information all contain the user's plaintext password. I site database all user passwords are multiple encryption of the non-plaintext conversion code, the Internet leaked user information through other websites or channels outflow. At present, the public security organs have been involved in investigation.
The China Railway Customer Service Center also cautioned against using Third-party ticketing software to purchase tickets, or to entrust third party websites to purchase tickets.
The following is the full text of China Railway Customer Service Center response:
[Notice on the use of 12306 official websites to remind the general travellers]
On the internet appeared "12306 Web site user information on the Internet Crazy biography" of the report, through my website serious verification, this disclosure information all contain the user's plaintext password. I site database all user passwords are multiple encryption of the non-plaintext conversion code, the Internet leaked user information through other websites or channels outflow. At present, the public security organs have been involved in investigation.
My site to remind the vast number of visitors, in order to protect the vast number of users of information security, please purchase tickets through the 12306 official website, do not use the third party ticket software to purchase tickets, or entrust a third party website to buy tickets to prevent your personal identity information leakage.
At the same time, my site to remind the vast number of visitors, some third-party Web site development of the ticket to steal the artifact, there is a bundled sales insurance function, please pay attention to the majority of visitors.