Open Source and information security mailing list archives
Message-Id: <20091104230020.DBAF42803F@smtp.hushmail.com>
Date: Wed, 04 Nov 2009 20:00:20 -0300
From: reallyanonymous@...h.com
To: full-disclosure@...ts.grok.org.uk
Subject: Argentinean Arnet isp webmail

Moderate vulnerability in Argentinean ARNET ISP webmail.

Well, there is some kind of weakened authentication on the webmail of Arnet (webmail.arnet.com.ar). To access any account, all you need is to guess the first 8 characters of the password, even if the password is 9, 10, 11, 12, 14 or more characters long. This password is the same as the ADSL access account.

For example:

For this account
johndoe@...et.com.ar
password:a1a2a3a4a5a6a7a8a9a0

you only need (first 8 characters)
johndoe@...et.com.ar
password:a1a2a3a4

The ADSL account in this case is
Name: johndoe@...et
Password:a1a2a3a4a5a6a7a8a9a0

There is no anti-bruteforce mechanism, so you can guess almost any account within a couple of hours.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
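
Added example, not part of the original post: a Python regression check an operator can run against their own credential store to find how many leading password characters actually take part in verification, with a per-account failure counter for the missing throttling the post mentions. TruncatingStore is a constructed model of the reported behaviour, not Arnet's code (the post does not state the cause), and every class and function name here is hypothetical.

```python
import hashlib, hmac, os

class TruncatingStore:
    """Constructed model of the reported behaviour: only the first LIMIT characters count."""
    LIMIT = 8
    def __init__(self):
        self.users = {}
    def _prep(self, password):
        return password[:self.LIMIT]
    def _hash(self, password, salt):
        # Iteration count kept low so the demo runs quickly.
        return hashlib.pbkdf2_hmac("sha256", self._prep(password).encode(), salt, 10_000)
    def set_password(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, self._hash(password, salt))
    def verify(self, user, password):
        salt, digest = self.users[user]
        return hmac.compare_digest(digest, self._hash(password, salt))

class FullLengthStore(TruncatingStore):
    """Corrected form: the whole password is hashed."""
    def _prep(self, password):
        return password

class Throttled:
    """Wraps a store and refuses further attempts after max_failures consecutive failures."""
    def __init__(self, store, max_failures=5):
        self.store, self.max_failures, self.failures = store, max_failures, {}
    def verify(self, user, password):
        if self.failures.get(user, 0) >= self.max_failures:
            return False  # locked: do not even evaluate the guess
        ok = self.store.verify(user, password)
        self.failures[user] = 0 if ok else self.failures.get(user, 0) + 1
        return ok

def effective_length(store, user="audit-user", length=20):
    """Return how many leading characters suffice to log in, or None if all are needed."""
    secret = "".join(chr(ord("a") + i % 26) for i in range(length))  # constructed test password
    store.set_password(user, secret)
    if not store.verify(user, secret):
        raise RuntimeError("store rejects the password it was just given")
    for n in range(1, length):
        if store.verify(user, secret[:n]):
            return n  # a strict prefix authenticates: passwords are truncated at n
    return None

if __name__ == "__main__":
    print("truncating store:", effective_length(TruncatingStore()))
    print("full-length store:", effective_length(FullLengthStore()))
```
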