Full Disclosure mailing list archives

Re: User Enumeration Flaw

From: "Dave Korn" <davek_throwaway () hotmail com>
Date: Mon, 20 Feb 2006 14:03:15 -0000

Mar.Shatz () education gov il wrote:

whitehouse.gov          MX      100 mailhub-wh2.whitehouse.gov
noone@box:~$
noone@box:~$ telnet mailhub-wh2.whitehouse.gov 25
Trying 63.161.169.140...
Connected to mailhub-wh2.whitehouse.gov.
Escape character is '^]'.
220 whitehouse.gov ESMTP service at Sun, 12 Feb 2006 11:29:38 -0500
(EST) helo jojo
250 esgeop03.whitehouse.gov Hello [xxx.xxx.xxx.xxx], pleased to meet
you mail from:bob () com com
250 2.1.0 bob () com com... Sender ok
rcpt to:gbush () whitehouse gov
550 5.1.1 gbush () whitehouse gov... User unknown
rcpt to:president () whitehouse gov
250 2.1.5 president () whitehouse gov... Recipient ok
quit
221 2.0.0 esgeop03.whitehouse.gov closing connection
Connection closed by foreign host.

User enumeration at the whitehouse



  Tell DHS at once!  What would happen if Al-Qaeda could figure out that 
there was a president in the whitehouse?


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

User Enumeration Flaw Mar . Shatz (Feb 18)
- Re: User Enumeration Flaw Simon Smith (Feb 18)
- Re: User Enumeration Flaw Valdis . Kletnieks (Feb 18)
- Re: User Enumeration Flaw Dave Korn (Feb 20)
  - Re: Re: User Enumeration Flaw Valdis . Kletnieks (Feb 20)
  - Re: Re: User Enumeration Flaw Michael Holstein (Feb 21)