AOL password issue

[Michael Yandrischovitz <mike124 () gmail com>]

I recently discovered an interesting security issue with AOL 9.0SE
/AOL Messanger(suprise,suprise). If a user has an exsisting account
with AOL, and changes his or her account password, the old password
still works to log on to AIM. This lets the attacker access to all the
features of AIM, including webmail. I have only tested this with the
lastest versions of AOL and AIM.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html