Full Disclosure mailing list archives
RE: Hotmail & Passport (.NET Accounts)Vulnerability
From: "Tovar Roca Kenneth" <kenneth () aloe ulima edu pe>
Date: Thu, 8 May 2003 17:56:56 -0500
I tried but since the morning, I still wait for the new password.....Or what does it mean when they are talking about
"reset the password"?? what should be the new password then???
Ken.
-----Mensaje original-----
De: adf--at--Code511.com [mailto:adf () code511 com]
Enviado el: Jue 08/05/2003 05:06 p.m.
Para: Michael J McCafferty; mfrd () attitudex com; full-disclosure () lists netsys com
CC:
Asunto: Re: [Full-Disclosure] Hotmail & Passport (.NET Accounts)Vulnerability
Is it me or ms never credit vulnerabilities according to
http://www.microsoft.com/security/passport_issue.asp "a report was
published detailing a security vulnerability(...)"? No more details or
credit.
I also saw online news like http://www.vnunet.com/News/1140757 none
mentioned as it was said in Muhammad's post the issue was discovered, and
ms warned since 12th April 2003. Meaning it let opened user's account (40 m
users?) open for almost 3 weeks...
-deepquest
"If you know the enemy and you know yourself, you
need not fear the result of a hundred battles."
--Sun Tzu
Le 8/05/03 9:52 AM, « Michael J McCafferty » <mike () m5computersecurity com> a
écrit :
>
> Well, there ya go it's hit the mainstream press....
> http://news.com.com/2100-1002_3-1000429.html?tag=lh
>
> The story mentions that MS has turned off all password reset functionality
> by now.
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Hotmail & Passport (.NET Accounts)Vulnerability Tovar Roca Kenneth (May 08)