Local ISP email login and sign up via insecure connection.



What is the problem?

A particularly severe security risk, this service allows users to check email over an unencrypted connection.

Because passwords for third-party websites can be reset by clicking “forgot password” and having a new one sent to your email address, this flaw puts all connected accounts at risk.

Note that if your portable devices are configured for email, they may leak your credentials when you are out in public using WiFi, when they automatically sync.

Disclosure Policy

Prior to public disclosure, notification about any privacy or security issues discovered were sent by email to the operator of this website on 22nd June 2015, using either an email address publicly discoverable on the site, or the RFC 2142 standards compliant address "webmaster@..." if no public email address was provided.

At time of posting the issue had not yet been resolved.