Full Disclosure mailing list archives
Re: yahoo mail image verification
From: Thierry Haven <thierry.haven () xmcopartners com>
Date: Mon, 07 Feb 2005 12:18:34 +0100
After testing the French Yahoo portal, it appears that this flaw actually exists. Let's hope they'll fix it soon. However, the impact of a bruteforce attempt is minimal if you have a strong password by default ...
I've submitted this bug to Yahoo for review. _______________________________________ Thierry Haven - Xmco Partners Security Consulting / Pentest web : http://www.xmcopartners.com cumhur onat wrote:
Did you realized that the image verification in yahoo mail which appears after some insuccesfull attempts is not working properly, becus i can just leave it blank and continue trying, dont tell me that it wont work if I enter a true passwrd without the verification code . It works i have tried with 6 accounts and managed to enter the inbox after about 40 tries. Sorry for my bad english :( Hope you understand what I mean... Cumhur Onat _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- yahoo mail image verification cumhur onat (Feb 05)
- Re: yahoo mail image verification Thierry Haven (Feb 07)
- Re: yahoo mail image verification Eduardo Tongson (Feb 07)
- Re: yahoo mail image verification Thierry Haven (Feb 07)