Zohar Alon, the CEO of cloud security company Dome9, discovered a security flaw in the design Twitter. One of the 'Sign in' forms failed to use secure connection and sends the password in plain text.
The main twitter sign in page uses secure connection and encrypts login credentials to prevent hackers from obtaining the data. But , the drop down sign in menu in the tweet details page failed to utilize the HTTPS(secure) connection.
|Vulnerable Twitter sign in form|
It means that a malicious hacker can capture the login credentials by sniffing the victims' network traffic.
Afrer being notified by The Next Web about this critical vulnerability, the Twitter security team has addressed the issue. Now it uses HTTPS protocol for the sign in page.