lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat Nov 5 17:32:18 2005 From: editor at sec.org.il (m0fo) Subject: MSN Plus Password Change Security Bypass Vulnerability MSN Plus Password Change Security Bypass Vulnerability date: 05.11.2005 publisher: m0fo (editor at sec.org.il) vendor: www.msgplus.net <http://www.msgplus.net/> Msn Plus! is additional aplication for MSN Messenger. This application adding a lot of new options into the MSN Messenger so it will be easier to use it. One of the application's option is to set a password witch lock the application, lock the logs, etc. its easy to set password for this, but its much easier to change it, while someone trying to change password that already set, he doesnt need to fill in the old password, this may cause a malicious user to take control over the application, maybe reading your talks, locking your MSN, etc. all versions of that MSN Plus! are vulnerable to this flow, my advice is not to use it. <http://www.msgplus.net> -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051105/aa5f0dc0/attachment.html
Powered by blists - more mailing lists