RSA Conference registration page asks Twitter credentials, that’s incredible!

Pierluigi Paganini January 22, 2016

It is hard to believe but the RSA Conference registration page is collecting Twitter credentials sending them back to an RSA server, in-security by design!

Security experts from Twitter recently made a singular discovery, the final step of the registration page on the RSA Conference website was requesting user’s Twitter credentials and sending them to the conference server.

You heard right! The organization of the security conference RSA’s Executive Security Action Forum (ESAF) is collecting Twitter account passwords of participants through a dedicated form.

The final registration page on the RSA Conference website is a promotional social media offering, the data collected are anyway sent to the conference server.

That’s absurd! The page asks for plaintext password, instead implementing the OAUTH authentication mechanism that could preserve user’s data.

Why one of the most important security firms in the world is doing a so stupid thing, experts are shouting to the failure of all the security best practices.

Twitter RSA conference

in this way the user Twitter credentials are sent directly to the organization of the RSA conference.

Twitter RSA conference 2



If you’re planning to attend the next RSA Conference skip the promotional opportunity towards the end of the registration process.

Pierluigi Paganini

(Security Affairs – RSA Event, authentication)

you might also like

leave a comment