Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Hotmail & Passport (.NET Accounts) Vulnerability

From: "adf--at--Code511.com" <adf () code511 com>
Date: Fri, 09 May 2003 00:06:47 +0200
Is it me or ms never credit vulnerabilities according to
http://www.microsoft.com/security/passport_issue.asp  "a report was
published detailing a security vulnerability(...)"? No more details or
credit.
I also saw online news like http://www.vnunet.com/News/1140757 none
mentioned as it was said in Muhammad's post the issue was discovered,  and
ms warned since 12th April 2003. Meaning it let opened user's account (40 m
users?) open for almost 3 weeks...

-deepquest
"If you know the enemy and you know yourself, you
need not fear the result of a hundred battles."
                                           --Sun Tzu

Le 8/05/03 9:52 AM, « Michael J McCafferty » <mike () m5computersecurity com> a
écrit :



Well, there ya go it's hit the mainstream press....
http://news.com.com/2100-1002_3-1000429.html?tag=lh

The story mentions that MS has turned off all password reset functionality
by now.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: