Full Disclosure mailing list archives
RE: Hotmail & Passport (.NET Accounts)Vulnerability
From: "Tovar Roca Kenneth" <kenneth () aloe ulima edu pe>
Date: Thu, 8 May 2003 17:56:56 -0500
I tried but since the morning, I still wait for the new password.....Or what does it mean when they are talking about "reset the password"?? what should be the new password then??? Ken. -----Mensaje original----- De: adf--at--Code511.com [mailto:adf () code511 com] Enviado el: Jue 08/05/2003 05:06 p.m. Para: Michael J McCafferty; mfrd () attitudex com; full-disclosure () lists netsys com CC: Asunto: Re: [Full-Disclosure] Hotmail & Passport (.NET Accounts)Vulnerability Is it me or ms never credit vulnerabilities according to http://www.microsoft.com/security/passport_issue.asp "a report was published detailing a security vulnerability(...)"? No more details or credit. I also saw online news like http://www.vnunet.com/News/1140757 none mentioned as it was said in Muhammad's post the issue was discovered, and ms warned since 12th April 2003. Meaning it let opened user's account (40 m users?) open for almost 3 weeks... -deepquest "If you know the enemy and you know yourself, you need not fear the result of a hundred battles." --Sun Tzu Le 8/05/03 9:52 AM, « Michael J McCafferty » <mike () m5computersecurity com> a écrit : > > Well, there ya go it's hit the mainstream press.... > http://news.com.com/2100-1002_3-1000429.html?tag=lh > > The story mentions that MS has turned off all password reset functionality > by now. > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Hotmail & Passport (.NET Accounts)Vulnerability Tovar Roca Kenneth (May 08)