SvenVD 0 Posted February 11, 2013 Share Posted February 11, 2013 Dear, In the official Evernote Agent, when you click Usage>Username: "username_link". A browser will popup with you already fully authenticated to your account.The problem is when you click that link it will create a plaintext HTTP GET GET http://www.evernote.com/setAuthToken?auth=xxxxxxxxxxxxxxxxxx=/User.action Everybody sniffing the network, or every mitm like a proxy can intercept this request, replay it and gain FULL access to ALL of your evernote notes... Can this be looked into? Am I missing something? Thanks Link to comment
dlu 628 Posted February 11, 2013 Share Posted February 11, 2013 What version of the client are you using? I seem to get https to come up. Link to comment
SvenVD 0 Posted February 11, 2013 Author Share Posted February 11, 2013 I am running 4.6.2.7927 (268435 ) Public. Thanks Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.