lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: kenneth at aloe.ulima.edu.pe (Tovar Roca Kenneth) Subject: Hotmail & Passport (.NET Accounts)Vulnerability I tried but since the morning, I still wait for the new password.....Or what does it mean when they are talking about "reset the password"?? what should be the new password then??? Ken. -----Mensaje original----- De: adf--at--Code511.com [mailto:adf@...e511.com] Enviado el: Jue 08/05/2003 05:06 p.m. Para: Michael J McCafferty; mfrd@...itudex.com; full-disclosure@...ts.netsys.com CC: Asunto: Re: [Full-Disclosure] Hotmail & Passport (.NET Accounts)Vulnerability Is it me or ms never credit vulnerabilities according to http://www.microsoft.com/security/passport_issue.asp "a report was published detailing a security vulnerability(...)"? No more details or credit. I also saw online news like http://www.vnunet.com/News/1140757 none mentioned as it was said in Muhammad's post the issue was discovered, and ms warned since 12th April 2003. Meaning it let opened user's account (40 m users?) open for almost 3 weeks... -deepquest "If you know the enemy and you know yourself, you need not fear the result of a hundred battles." --Sun Tzu Le 8/05/03 9:52 AM, ? Michael J McCafferty ? <mike@...omputersecurity.com> a ?crit : > > Well, there ya go it's hit the mainstream press.... > http://news.com.com/2100-1002_3-1000429.html?tag=lh > > The story mentions that MS has turned off all password reset functionality > by now. > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists