Full Disclosure mailing list archives

RE: Hotmail & Passport (.NET Accounts) Vulnerability

From: Marc Slemko <marcs () znep com>
Date: Wed, 7 May 2003 21:53:16 -0700 (PDT)

On Thu, 8 May 2003, Christopher F. Herot wrote:


I just tried this.  It does indeed generate the "reset password" email
and link, which is scary, but following the instructions does not really
reset the password, at least not for the limited test I performed.


It definitely worked for me around 20:45 (-0700).

Microsoft may have gotten it disabled by now, they do generally have
a very quick reaction time to such trivial stupid massive gaping holes
once they actually get the message about them.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Hotmail & Passport (.NET Accounts), (continued)
- - - Re: Hotmail & Passport (.NET Accounts) Ron DuFresne (May 09)
    - Re: Hotmail & Passport (.NET Accounts) adf--at--Code511.com (May 09)
    - Re: Hotmail & Passport (.NET Accounts) Nick FitzGerald (May 09)
    - Re: Hotmail & Passport (.NET Accounts) Georgi Guninski (May 10)
    - Re: Hotmail & Passport (.NET Accounts) Nick FitzGerald (May 10)
    - Re: Hotmail & Passport (.NET Accounts) Mark J Cox (May 12)
    - RE: Hotmail & Passport (.NET Accounts) Ed Carp (May 12)
- Re: Hotmail & Passport (.NET Accounts) Vulnerability Wayne Chang (Pacific Northwest Software) (May 08)
- PowerLink™ WAN Aggregator - Vunerability morning_wood (May 09)
- RE: Hotmail & Passport (.NET Accounts) Vulnerability Christopher F. Herot (May 07)
  - RE: Hotmail & Passport (.NET Accounts) Vulnerability Marc Slemko (May 07)
    - Re: Hotmail & Passport (.NET Accounts) Vulnerability Byrne Ghavalas (May 08)
  - Re: Hotmail & Passport (.NET Accounts) Vulnerability Suryanto (May 07)
  - Re: Hotmail & Passport (.NET Accounts) Vulnerability Wayne Chang (Pacific Northwest Software) (May 08)