search

ncsu-csc326 / iTrust2

The iTrust2 project is used to teach Software Engineering at NC State University
https://www.csc.ncsu.edu/
Eclipse Public License 2.0
7 stars 10 forks source link

iTrust2: Password Changed #4

Open yes-maybe opened 4 years ago

yes-maybe commented 4 years ago

I am not involved in iTrust2 but I regularly receive the following email, sent via sendgrid. The reply-to email is my username.

Subject: iTrust2: Password Changed Your password has been changed successfully

With the frequency rising I am becoming concerned.

Thank you.

Full header below with my username redacted xxx

Delivered-To: xxx Received: by 2002:a92:8c0f:0:0:0:0:0 with SMTP id o15csp958374ild; Sat, 28 Mar 2020 15:02:45 -0700 (PDT) X-Google-Smtp-Source: ADFU+vuYpOVSaXOmsiKPQ8pND0xhWLYv+3wkIxMSshfS4naRsLmH45JECWEB9MxLoCeWxvlh2C73 X-Received: by 2002:a17:906:58f:: with SMTP id 15mr4873995ejn.182.1585432965803; Sat, 28 Mar 2020 15:02:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585432965; cv=none; d=google.com; s=arc-20160816; b=EyBM/6pOaU/n7MjBvPFThnRqj8lPGxeosWxK/ExT1rxnmV6cwEo67oStwFfcc7jrzB QPXUnxm6bMPA0JWYfnfXJWzZPIGhHTmbtkD16asgjMqw9BMjI/msu6x/BXcnwtVF5XhG GvNd841vMzPJlO6FjO0whWZ3pZHu61wH5r2n/aW5s6VLykBjDM05tIo05xjsR6IIKbJI wlCm7dNHzFeT7ic2Xm4VjQP7LhWWKejV58HN8mChbTV/yo8feCWvqvvTGvwUQoKHyYPu /dBkfH3f6enNR6JO/aL3K7bnKG+mcHnTDLw/Zy0l1LL0uyYlafcmsnZTWPIKa/z0disf knvA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=date:content-transfer-encoding:mime-version:subject:message-id:to :from:dkim-signature; bh=a6brB8qmVrjBPeVKDu3e5FmZyLR2OxkBE2b86jkfuUA=; b=0BFKHHHoYuc7LdETPm8C1obA0iqkTy2Hragsn5brmtHm89IYr3uJaA/xRFbJCRQHHo L0Fl/Ge8yloOFe8qX4wB7FdqOoPWH8xu6cIf1QY8/sCNqgDcPNhsAHtYi2IAoYbtrlgu FBdiXxQE0w1HeIGasoOdyGqjUA7Pwe/jRQAVLaUWvwxcip3quvC7fNp/E7yE3KJ2Ikyu LHbK0syWq5xkHcxe3GtTD51JoT1gOuuaG3DBOKK0mF1Ar0b+QexVI/za2PFnBKT+XEIF w47e0Wp9X3gnnMWDnLUmziK6EaWQCBv5OQQNDA5Iwip5MddfGzrAmYBMK8VUG4q7kLeZ t6JA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sendgrid.net header.s=smtpapi header.b=BI8urDJ+; spf=pass (google.com: domain of bounces+15096881-cbc6-xxx@sendgrid.net designates 167.89.24.164 as permitted sender) smtp.mailfrom="bounces+15096881-cbc6-xxx@sendgrid.net" Return-Path: bounces+15096881-cbc6-xxx@sendgrid.net Received: from xtrwkvxq.outbound-mail.sendgrid.net (xtrwkvxq.outbound-mail.sendgrid.net. [167.89.24.164]) by mx.google.com with ESMTPS id ss16si6141161ejb.256.2020.03.28.15.02.45 for xxx> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 28 Mar 2020 15:02:45 -0700 (PDT) Received-SPF: pass (google.com: domain of bounces+15096881-cbc6-xxx@sendgrid.net designates 167.89.24.164 as permitted sender) client-ip=167.89.24.164; Authentication-Results: mx.google.com; dkim=pass header.i=@sendgrid.net header.s=smtpapi header.b=BI8urDJ+; spf=pass (google.com: domain of bounces+15096881-cbc6-xxx@sendgrid.net designates 167.89.24.164 as permitted sender) smtp.mailfrom="bounces+15096881-cbc6-xxx@sendgrid.net" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.net; h=from:to:subject:mime-version:content-type:content-transfer-encoding:x-feedback-id; s=smtpapi; bh=a6brB8qmVrjBPeVKDu3e5FmZyLR2OxkBE2b86jkfuUA=; b=BI 8urDJ+uHkQTouE2KLuA41L/Q3qq8n3xBPLs+wvfssKQHQ2RU2FpXlYuppgKwoP+c QbSD4TAFPHIoa3razRtMpqGj+ZsDpYI9hjs3s2i0Hkw4nBGT8pidKKgQCTE84w5p qDNjCHRXfJvDgBbgR6x2RUml3+28sOoJbXx/EqBD4= Received: by filter0135p3las1.sendgrid.net with SMTP id filter0135p3las1-19133-5E7FC984-76 2020-03-28 22:02:44.147765027 +0000 UTC m=+89777.367485169 Received: from 64e23d445626 (unknown) by ismtpd0118p1mdw1.sendgrid.net (SG) with ESMTP id 4Hn9u5YmS3GNpILZBSVUbA for ; Sat, 28 Mar 2020 22:02:43.845 +0000 (UTC) From: xxx To: xxx Message-ID: 722600007.0.1585432959995.JavaMail.root@64e23d445626 Subject: iTrust2: Password Changed MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Sat, 28 Mar 2020 22:02:44 +0000 (UTC) X-SG-EID: 8kGwC87crFofzRm0xfeRLlQvS/8cx9xemhz+pCPDmI1ZEmDvyyrgHCl29r7YjRgqAOTk89hejdnFX2 SGy2h+GmX4Ljs/cG1syG5rDpv3T52hMQmHxOiPFYcKynUzE6mHzDcICv6n55Z/WHdSROC0YwPnJ0jR 78FpiRr67PCWpickrAXQZ2gADUf4sCUoXm/z X-Feedback-ID: 15096881:y7zTHt88eyupT2BhIbW5n6KWfZQ5THb2+/M9wJj8jbE=:y7zTHt88eyupT2BhIbW5n6KWfZQ5THb2+/M9wJj8jbE=:SG

Your password has been changed successfully

yes-maybe commented 4 years ago

I would suggest the password changed template is updated to include information if the change was not requested. Add more information about the domain so in my case when I receive a dozen emails overnight I know who to contact to look into the issue.

yes-maybe commented 4 years ago

Screenshot_20200403-083358

kpresler commented 3 years ago

I am very sorry about the delay in seeing this. Would you be willing to reach out to me privately with your email address (mine is in my profile, or my website, linked from the README) so I can ensure that it is scrubbed from all test data used?

Thanks!