Spiceworks in WTF-class social log-in SECURITY BLUNDER

A serious security flaw has been discovered in the Spiceworks network administration application. The issue, uncovered by Spicehead Darren K Smith, allows anyone with a Facebook or LinkedIn account to log in as an administrator. Spiceworks has responded by temporarily disabling social sign-in until the flaw can be addressed. …

  1. Tezfair

    not good

    Why on earth would you want to sign into a network monitoring program with a social account?

    Seems there is a lot of this going on. Just bloody laziness to make secure accounts.

    1. Anonymous Coward
      Re: not good

      The quote I found was "The company generates most of its revenue through the sale of ads displayed on its network." Which suggests why they might allow you to sign in with Facebook or Twitter.

      That said, this might not be the best commercial basis for funding help desk and monitoring software.

    2. Anonymous Coward
      Re: not good

      What could possibly go wrong handing off your security to the likes of Facebook?

  2. JimmyPage

    I just don't get this "sign in with Facebook"

    Why should I want to let Facebook know what other sites I use ?

    1. -maniax-

      Re: I just don't get this "sign in with Facebook"

      "Why should I want to let Facebook know what other sites I use ?"

      Why should I want to let Facebook know anything about me?


  3. Huw D

    Spiceworks Dev team say...

    1. Anonymous Coward
      Re: Spiceworks Dev team say...

      But spice must flow as any Dune aficionado will know

  4. Destroy All Monsters

    Next: Sign in with Baidu.

    1. Gazareth

      Techr (TM) - find hot sysadmins in your area!

  6. Jamie Jones

    The problem with branching into unrelated industries

    When someone is very successful in one industry, there is a tendency by them to assume they'd be suitable for other industries as well - witness the number of actors who launch a singing career or vice versa.

    The same thing appears to have happened here: whilst I am definitely no fan of their music, it's of no doubt that their "girl power" themed pop songs were hugely successful, but in this case, they should have stuck with what they know best.

  7. Anonymous Coward
    Why would an application provider do this?

    I totally do not believe the "user convenience" angle. Not with the likes of Facebook and LinkedIn anyway.

    My next thought is there is some corporate-level motivation, in the same way as there is (presumably) some corporate-level motivation for all these app installers that now want you to install "optional" additional snoopware such as Chrome. Presumably $$$$$ are changing hands somewhere.

    What gives?

  8. FozzyBear


    but I'm sure they are taking this situation with a grain of salt

