Full Disclosure mailing list archives
RE: Hotmail & Passport (.NET Accounts) Vulnerability
From: Marc Slemko <marcs () znep com>
Date: Wed, 7 May 2003 21:53:16 -0700 (PDT)
On Thu, 8 May 2003, Christopher F. Herot wrote:
I just tried this. It does indeed generate the "reset password" email and link, which is scary, but following the instructions does not really reset the password, at least not for the limited test I performed.
It definitely worked for me around 20:45 (-0700). Microsoft may have gotten it disabled by now, they do generally have a very quick reaction time to such trivial stupid massive gaping holes once they actually get the message about them. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Hotmail & Passport (.NET Accounts), (continued)
- Re: Hotmail & Passport (.NET Accounts) Ron DuFresne (May 09)
- Re: Hotmail & Passport (.NET Accounts) adf--at--Code511.com (May 09)
- Re: Hotmail & Passport (.NET Accounts) Nick FitzGerald (May 09)
- Re: Hotmail & Passport (.NET Accounts) Georgi Guninski (May 10)
- Re: Hotmail & Passport (.NET Accounts) Nick FitzGerald (May 10)
- Re: Hotmail & Passport (.NET Accounts) Mark J Cox (May 12)
- RE: Hotmail & Passport (.NET Accounts) Ed Carp (May 12)
- RE: Hotmail & Passport (.NET Accounts) Vulnerability Marc Slemko (May 07)
- Re: Hotmail & Passport (.NET Accounts) Vulnerability Byrne Ghavalas (May 08)
- Re: Hotmail & Passport (.NET Accounts) Vulnerability Suryanto (May 07)
- Re: Hotmail & Passport (.NET Accounts) Vulnerability Wayne Chang (Pacific Northwest Software) (May 08)