FIGURE 4-10. Email from SmartThings allowing password reset
The “click here to reset your password” link has the following form:

http://mandrillapp.com/track/click/30028387/graph.api.smartthings.com?p=sdf9234msafd0234ASFASDf234023042342masdf0234SDAFSDF0234msdf0asfdsdf02342msad

When the user clicks on this link, the browser is redirected to the SmartThings website with a link such as this:

https://graph.api.smartthings.com/register/resetPassword?t=2304ksdf0Asdfa3sdfd4asfasdf

Upon redirection, the user is allowed to pick a new password, as shown in Figure 4-11.

FIGURE 4-11. User picking a new password as part of the password recovery process
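The two URLs above are what a practitioner inspects before judging a reset flow: the link in the email is a plain-HTTP URL to mandrillapp.com, a third-party click-tracking service, and only the redirect lands on graph.api.smartthings.com with the reset token in the t parameter. The Python script below is an added example, not SmartThings or Mandrill code. It extracts links from an email body and walks a reset-link hop chain, flagging any hop reached over plain HTTP and any host outside the service's own domain that handles the link before the service does. It makes no network requests: the hop chain is supplied as a list (here the two URLs printed above, whose token values are the page's own placeholder strings), and the email body is a constructed stand-in for the message in Figure 4-10.

```python
import html
import re
from urllib.parse import urlparse, parse_qs

# Domain the reset token belongs to; any other host that handles the link
# before the browser lands here is a third party in the chain.
SERVICE_DOMAIN = "smartthings.com"

# The two URLs as printed on the page (the token values are the page's own
# placeholder strings, not real tokens): the click-tracking link from the
# email, then the SmartThings page the browser is redirected to.
RESET_HOPS = [
    "http://mandrillapp.com/track/click/30028387/graph.api.smartthings.com"
    "?p=sdf9234msafd0234ASFASDf234023042342masdf0234SDAFSDF0234msdf0asfdsdf02342msad",
    "https://graph.api.smartthings.com/register/resetPassword"
    "?t=2304ksdf0Asdfa3sdfd4asfasdf",
]

# Constructed stand-in for the HTML body of the reset email in Figure 4-10.
SAMPLE_EMAIL = (
    "<p>Someone asked to reset the password for this account.</p>"
    '<p><a href="' + html.escape(RESET_HOPS[0]) + '">'
    "Click here to reset your password</a></p>"
)


def extract_links(email_body):
    """Pull every href out of an HTML email body, undoing entity escaping."""
    return [html.unescape(h) for h in re.findall(r'href="([^"]*)"', email_body)]


def same_site(host, domain):
    """True when host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def audit_reset_chain(hops, service_domain=SERVICE_DOMAIN, token_param="t"):
    """Walk the hop chain of a reset link and report where the link is exposed.

    hops is the ordered list of URLs the browser visits: first the link in the
    email, last the page that actually accepts the new password. Returns a dict
    with the hosts reached over plain HTTP, the third-party hosts that handle
    the link before the service does, the reset token found on the final hop,
    and human-readable findings.
    """
    report = {"plain_http": [], "third_party": [], "token": None, "findings": []}
    for i, url in enumerate(hops):
        u = urlparse(url)
        host = u.hostname or ""
        if u.scheme != "https":
            report["plain_http"].append(host)
            report["findings"].append(
                f"hop {i}: {host} is reached over {u.scheme}; the link and the "
                f"redirect it returns can be read or altered on the network")
        if not same_site(host, service_domain):
            report["third_party"].append(host)
            report["findings"].append(
                f"hop {i}: {host} is outside {service_domain} and handles the "
                f"link before the service does")
    final = urlparse(hops[-1])
    report["token"] = parse_qs(final.query).get(token_param, [None])[0]
    return report


if __name__ == "__main__":
    # No network access here, so the redirect target is taken from the page
    # rather than followed; a live check would capture it through a proxy.
    links = extract_links(SAMPLE_EMAIL)
    report = audit_reset_chain(links + RESET_HOPS[1:])
    for line in report["findings"]:
        print(line)
    print("reset token reaches", urlparse(RESET_HOPS[-1]).hostname,
          "as", report["token"])
```

Run stand-alone, the script reports two findings for the chain shown on the page: the first hop is plain HTTP, and mandrillapp.com is outside smartthings.com. A chain consisting only of an HTTPS link on the service's own domain produces no findings, which is the baseline to compare a reset flow against.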
There are several security issues with the SmartThings authentication and authorization
systems.
98 CHAPTER 4: BLURRED LINES—WHEN THE PHYSICAL SPACE MEETS THE VIRTUAL SPACE