Security flaw at wagerstreet

louis · 11-07-07 09:50 PM

Wagerstreet is in fact a very reputable sportsbook, but I would like to make everyone aware of a security flaw.

Every time you log in, a box asking "remember my login details?" will default to automatically being checked every time.

One must remember to uncheck this each and every time they log in, or anyone visiting wagerstreet on that computer will automatically be completely logged into your account.

You may be the only one using your computer, but if your computer were to get stolen I don't want automatic logins to my accounts at sportsbooks. The default option should be for this not to happen.

Everyone should run a test of every sportsbook they use, and make sure that they are not automatically logged in just typing into the URL. This is bad!!!!!!!!!!!!!!!!! And Wagerstreet is amongst the worse offenders helping to easily set it up this way with their check box defaulting to yes.

Books need to never ever save this information in cookies, or otherwise. If I ask windows to remember a password, that should never be a default, it should be my own asking of windows to do this.

I ask that wagerstreet and any of their sister books (betall sports?, fix this security problem, now)

Wagerstreet should never even ask for the option to remember login details. Windows already has this. If Wagerstreet absolutely insists on doing this, then the default should be NO, do not remember my details.
Thank you

Mason · 11-07-07 10:06 PM

Have you spoken to Wagerstreet about this issue?

Justin7 · 11-07-07 11:48 PM

I haven't played there in years... When you place a wager, do you need to re-enter your account password? If yes, I'd say their current security is fine.

20Four7 · 11-08-07 04:07 AM

I haven't played at wager street but I know a lot of books will remember the account name. If there is a box about remembering the password I uncheck it always. Most of my accounts need the password to place a bet.

Keith Richard · 11-08-07 05:27 AM

Originally Posted by Justin7

I haven't played there in years... When you place a wager, do you need to re-enter your account password? If yes, I'd say their current security is fine.

You need your initials to verify all bets. I have noticed that about the check box defaulting to yes myself in the past.

jjgold · 11-08-07 06:06 AM

Wagerstreet has been like this forever, no issues

Same thing as using roboform and someone on your pc

louis · 11-08-07 06:10 AM

You just enter your initials to confirm a wager. But there is also ways to use the casino ...

Justin, with all respect, I do not think their security is fine.

This sportsbook, is by itself remembering both your username and password and automatically filling it in for you every time you enter the wagerstreet URL, www.wagerstreet.com. I do not know of any other book that does that, except if you ask windows to remember your password - but there is no automatic default for this you can tell windows to stop asking.

If you go to the library, or work, and forget to uncheck the remember login details box, the next person who enters www.wagerstreet.com is going to get right into your account. The only way to prevent this is to uncheck a box, each and every time you log in.
You should be able to have this box permanently unchecked.

Yes, I did send an email to wagerstreet about this.

They appreciated my comments but haven't changed anything.

diglett · 11-08-07 08:48 AM

This surprised me as well, as it's the first book I've used that does this.

I actually prefer it though and wish others would adopt this practice. Google Mail is a popular site with a similar arrangement.

Mason · 11-08-07 10:21 AM

"Yes, I did send an email to wagerstreet about this.

They appreciated my comments but haven't changed anything."

Fair enough!

louis · 11-12-07 03:15 PM

If you bring it up on your screen, and minimize the window, you never have to log in again. This is bad. Almost all sportsbooks automatically time out and force you to enter your password again.

Justin, NO you do not have to ever enter your login details again. Just type in www.wagerstreet.com and you are all logged in.

I understand you guys that like this, but it should not be the default way things are done.

NeedProtection · 11-12-07 11:24 PM

Most people bitch because a book times out too quick, now a post bitching about the book never timing out? Are you kidding?

Wagerstreet's sessions never expire if you leave that box checked and the cookie stays active.

There are other books that do this by the way.

WSEX is one.

I think the Greek is another.

Never expiring sessions are a good thing for the user and if you are too stupid to uncheck the box then god help you.

louis · 11-12-07 11:58 PM

With Wagerstreet the session does not time out. With Wsex and Greek it certainly does.

That is problem number one.

Problem number two with wagerstreet, the default is a checked box that automatically logs anyone in the computer into your account upon typing of the URL. Entering the account and password are not necessary.

If you don't like this, then you have to remember to uncheck a box every single time.

Not everyone uses a private computer at home. If they use one at work, at the library, at Kinkos or somewhere else it is annoying to have to uncheck a box everytime you log in.

Wsex and Greek do not work like this. With Wsex and Greek, the default setting is to enter a password every time.

Wagerstreet needs to fix this bug with their software, and users need to be aware to uncheck the automatic login box each and every time they log in, unless they really want automatic logins to their account by anyone who enters the URL on their computer.

Users of Wagerstreet also need to make sure they log off of their account, and/or close the window completely before leaving if not at their own private computer.

NeedProtection · 11-13-07 12:18 AM

With Wagerstreet the session does not time out. With Wsex and Greek it certainly does.

No it doesn't. You stayed logged in forever.

Please stop making stuff up and STFU. This is a seriously stupid thread. Don't check the box if you dont want to stay logged in.

Or how about this. How about remembering to log out you lazy ****?

Whatever. Carry on with your nonsense.

Good luck.

4FUN.AND$$ · 11-13-07 12:39 AM

louis has a good security issue that should be addressed. Comments by needprotection are unwarrented. louis is just trying to brind to light an issue that many may or may not be awware of. Nothing wrong with that IMO. Thanks louis

louis · 11-13-07 02:09 AM

I'm just trying to be helpful to people, here. Don't understand why it is making people upset.

RickySteve · 11-14-07 12:11 AM

Wagerstreet's horrendous software is great for anyone with a clue.

SBR Top-Rated Sportsbooks				Best Sportsbooks List
#1 FanDuel	SBR rating 4.8/5	Review	#6 BetRivers	SBR rating 4.1/5	Review
#2 Caesars	SBR rating 4.7/5	Review	#7 Fanatics	SBR rating 4.1/5	Review
#3 DraftKings	SBR rating 4.7/5	Review	#8 Betway	SBR rating 3.8/5	Review
#4 BetMGM	SBR rating 4.6/5	Review	#9 Borgata	SBR rating 3.5/5	Review
#5 bet365	SBR rating 4.6/5	Review	#10 ClutchBet	SBR rating 2.9/5	Review

Thread Tools

Security flaw at wagerstreet

Wagerstreet also never times out

No, Wsex and Greek do not work like Wagerstreet

Just trying to help people here