SvenVD
Posted February 11, 2013

Dear,

In the official Evernote Agent, when you click Usage>Username: "username_link", a browser will pop up with you already fully authenticated to your account. The problem is that when you click that link, it will create a plaintext HTTP GET:

GET http://www.evernote.com/setAuthToken?auth=xxxxxxxxxxxxxxxxxx=/User.action

Everybody sniffing the network, or every MITM like a proxy, can intercept this request, replay it and gain FULL access to ALL of your Evernote notes...

Can this be looked into? Am I missing something?

Thanks
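A check for the pattern reported above, as an added example that is not part of the original post and is not Evernote's code: it scans proxy log lines for requests that carry a credential-like query parameter over plaintext `http://` and reports them with the value redacted. The log format, the parameter-name list, the `example.*` hosts and the function names are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed list of credential-like parameter names; substring match, so a
# name such as "author" would also be flagged and needs manual review.
SENSITIVE = re.compile(r"auth|token|session|passw|api_?key", re.I)
REQUEST = re.compile(r"\b(GET|POST|PUT|DELETE|HEAD)\s+(\S+)")

# Constructed sample log (timestamps, client IPs and status codes are invented).
# The first URL is the request quoted in the post.
SAMPLE_LOG = [
    "2013-02-11T10:00:01 10.0.0.5 GET http://www.evernote.com/setAuthToken?auth=xxxxxxxxxxxxxxxxxx=/User.action 302",
    "2013-02-11T10:00:02 10.0.0.5 GET https://www.example.com/login?token=abcdef123456 200",
    "2013-02-11T10:00:03 10.0.0.5 GET http://www.example.com/index.html?page=2 200",
    "2013-02-11T10:00:04 10.0.0.7 POST http://app.example.net/api?sessionToken=0123456789abcdef 200",
]

def redact(value, keep=4):
    """Keep a short prefix for correlation; never echo the full secret."""
    return value[:keep] + "..." if len(value) > keep else "***"

def find_plaintext_tokens(log_lines):
    """Return one finding per credential-like parameter sent over http://."""
    findings = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        method, url = match.groups()
        parts = urlsplit(url)
        if parts.scheme.lower() != "http":
            continue  # only unencrypted requests expose the query string on the wire
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if SENSITIVE.search(name):
                findings.append({
                    "line": lineno,
                    "method": method,
                    "host": parts.hostname,
                    "path": parts.path,
                    "param": name,
                    "value": redact(value),
                })
    return findings

if __name__ == "__main__":
    for finding in find_plaintext_tokens(SAMPLE_LOG):
        print(finding)
```

A token that has shown up in such a log should be treated as exposed and invalidated, since anyone on the path could have captured the same request.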
This topic is now archived and is closed to further replies.