Full Disclosure mailing list archives
AOL password issue
From: Michael Yandrischovitz <mike124 () gmail com>
Date: Wed, 12 Jan 2005 12:28:02 -0500
I recently discovered an interesting security issue with AOL 9.0SE /AOL Messanger(suprise,suprise). If a user has an exsisting account with AOL, and changes his or her account password, the old password still works to log on to AIM. This lets the attacker access to all the features of AIM, including webmail. I have only tested this with the lastest versions of AOL and AIM. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- AOL password issue Michael Yandrischovitz (Jan 12)