lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <466E1A009106D411A1C9009027DE7283096F4A4D@aloe.ulima.edu.pe>
From: kenneth at aloe.ulima.edu.pe (Tovar Roca Kenneth)
Subject: Hotmail & Passport (.NET Accounts)Vulnerability

I tried but since the morning, I still wait for the new password.....Or what does it mean when they are talking about "reset the password"?? what should be the new password then???
 
Ken.

	-----Mensaje original----- 
	De: adf--at--Code511.com [mailto:adf@...e511.com] 
	Enviado el: Jue 08/05/2003 05:06 p.m. 
	Para: Michael J McCafferty; mfrd@...itudex.com; full-disclosure@...ts.netsys.com 
	CC: 
	Asunto: Re: [Full-Disclosure] Hotmail & Passport (.NET Accounts)Vulnerability
	
	

	Is it me or ms never credit vulnerabilities according to
	http://www.microsoft.com/security/passport_issue.asp  "a report was
	published detailing a security vulnerability(...)"? No more details or
	credit.
	I also saw online news like http://www.vnunet.com/News/1140757 none
	mentioned as it was said in Muhammad's post the issue was discovered,  and
	ms warned since 12th April 2003. Meaning it let opened user's account (40 m
	users?) open for almost 3 weeks...
	
	-deepquest
	"If you know the enemy and you know yourself, you
	need not fear the result of a hundred battles."
	                                           --Sun Tzu
	
	Le 8/05/03 9:52 AM, ? Michael J McCafferty ? <mike@...omputersecurity.com> a
	?crit :
	
	>
	> Well, there ya go it's hit the mainstream press....
	> http://news.com.com/2100-1002_3-1000429.html?tag=lh
	>
	> The story mentions that MS has turned off all password reset functionality
	> by now.
	>
	
	_______________________________________________
	Full-Disclosure - We believe in it.
	Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ