
Sign in Sign in Sign In - edward
https://www.capitalone.com/sign-in/
======
mattchamb
Found from the login URLs - Unrestricted redirect vulnerability:

[https://www.capitalone.com/redirect/?dest=https%3A%2F%2Fgoog...](https://www.capitalone.com/redirect/?dest=https%3A%2F%2Fgoogle.com)

Makes phishing links seems authentic.

Who wants to report it to them?

~~~
andyidsinga
good catch. I reported it to abuse@capitalone.com

~~~
dogweather
Think they'll understand?

~~~
andyidsinga
yes

------
plorkyeran
This is at least partially due to it being a bunch of different legacy systems
from different companies. I have two completely separate accounts with Capital
One (one from ING before they were bought out, and one for my Capital One
credit card), with the same user name. I would hope that they're working on
integrating the systems, but I can't imagine it being a simple task.

~~~
jhwhite
I'm in the same boat but my accounts are all integrated now. My car loan,
credit card, 360 checking, and 360 savings.

------
bosco
This is what happens when no one wants to work in technology at old outdate
financial services firm.

~~~
aaronbrethorst
Your statement doesn't make any sense. A quick search of LinkedIn shows:

    
    
        2,798 results for capital one software engineer
    

It's a company with a $50bn market cap, and ostensibly stable 9-5 employment.
This is more of a symptom of having a ton of different products where people
weren't interested or weren't able to create a unified login system.

Chalk it up to 'bad' engineering practices if you want, but not that there's
no one to work at these companies.

~~~
baddox
I don't even think it's bad engineering practice. It seems like rather
reasonable and efficient UI.

~~~
aaronbrethorst
12+ separate logins is, imho, neither reasonable nor efficient.

------
aaronchall
I get it, this link is important because it's really bad user experience to
have so many sign-ins for a single bank. They need to unify this stuff,
obviously.

Also: great title.

------
whitingx
Doesn't seem great for accessibility the fact that all the 'Sign In' links
also have the same link title;

“title="Link opens in a new window"”

[http://www.paciellogroup.com/blog/2012/01/html5-accessibilit...](http://www.paciellogroup.com/blog/2012/01/html5-accessibility-
chops-title-attribute-use-and-abuse/)

------
Yawnoc2
It's worse than that. I have a Capital One credit card and a Capital One 360
(nee ING) savings account. They have seemingly completely separate logins, but
changing the password for one changes the password for the other.

------
taspeotis
If you click "Sign In" for Canadian Credit Cards...
[https://www.capitalone.ca/sign-in/](https://www.capitalone.ca/sign-in/)

It's turtles all the way down!

------
urda
What a quality Hacker News post.

