| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu Apr 7 16:30:03 2005 From: editor at sec.org.il (m0fo) Subject: MSN Plus Password Change Security Bypass Vulnerability Title: MSN Plus Password Change Security Bypass Vulnerability Risk: Medium Date: 07.04.2005 Publisher: m0fo (editor at sec.org.il) Source: http://sec.org.il/articles.php?a=187 Vendor: <http://www.msgplus.net> http://www.msgplus.net MSN Plus is additional application for the MSN Messenger. Msn Plus is adding a lot of options to the standart MSN Messenger. One of the options is to lock your MSN Messenger with password you choose, this way could be bypass easily because the password can be changed without providing the old password. all the msn plus password's protection could be bypass easily because the vendor build it on the same way. all the MSN Messngers and MSN Plus are vulnerable. NOTE: successful exploitation requires that a user has logged in recently. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050407/35b6e71e/attachment.html
Powered by blists - more mailing lists