Full Disclosure mailing list archives
Re: Hotmail & Passport (.NET Accounts) Vulnerability
From: "adf--at--Code511.com" <adf () code511 com>
Date: Fri, 09 May 2003 00:06:47 +0200
Is it me or ms never credit vulnerabilities according to http://www.microsoft.com/security/passport_issue.asp "a report was published detailing a security vulnerability(...)"? No more details or credit. I also saw online news like http://www.vnunet.com/News/1140757 none mentioned as it was said in Muhammad's post the issue was discovered, and ms warned since 12th April 2003. Meaning it let opened user's account (40 m users?) open for almost 3 weeks... -deepquest "If you know the enemy and you know yourself, you need not fear the result of a hundred battles." --Sun Tzu Le 8/05/03 9:52 AM, « Michael J McCafferty » <mike () m5computersecurity com> a écrit :
Well, there ya go it's hit the mainstream press.... http://news.com.com/2100-1002_3-1000429.html?tag=lh The story mentions that MS has turned off all password reset functionality by now.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Hotmail & Passport (.NET Accounts) Vulnerability Muhammad Faisal Rauf Danka (May 07)
- Re: Hotmail & Passport (.NET Accounts) Vulnerability Michael J McCafferty (May 08)
- Re: Hotmail & Passport (.NET Accounts) Vulnerability adf--at--Code511.com (May 08)
- Re: Hotmail & Passport (.NET Accounts) Darren Reed (May 09)
- Re: Hotmail & Passport (.NET Accounts) Ron DuFresne (May 09)
- Re: Hotmail & Passport (.NET Accounts) adf--at--Code511.com (May 09)
- Re: Hotmail & Passport (.NET Accounts) Nick FitzGerald (May 09)
- Re: Hotmail & Passport (.NET Accounts) Georgi Guninski (May 10)
- Re: Hotmail & Passport (.NET Accounts) Nick FitzGerald (May 10)
- Re: Hotmail & Passport (.NET Accounts) Mark J Cox (May 12)
- RE: Hotmail & Passport (.NET Accounts) Ed Carp (May 12)
- Re: Hotmail & Passport (.NET Accounts) Vulnerability adf--at--Code511.com (May 08)
- Re: Hotmail & Passport (.NET Accounts) Vulnerability Michael J McCafferty (May 08)