A security researcher has discovered two vulnerabilities that allow an attacker to steal users’ passwords from McDonald’s official website. Tijme Gommers waited less than two weeks to go public with details of the flaws he had discovered in McDonalds.com. He only needed to steal a user’s unique cookie to obtain their password and print it in a browser alert. The researcher also found that the website decrypted the password client-side, using CryptoJS to encrypt and decrypt sensitive data. He did so on 24 December, right at the start of the holiday season.
Source: https://grahamcluley.com/steal-mcdonalds-user-passwords/

