Security Incidents mailing list archives

Re: [Full-Disclosure] Hotmail & Passport (.NET Accounts) Vulnerability (fwd)

From: "Christopher X. Candreva" <chris () westnet com>
Date: Thu, 8 May 2003 01:10:17 -0400 (EDT)

On Wed, 7 May 2003, Dan Hanson wrote:

I am forwarding this as it may impact people whom depend on MSN or
passport systems for business reasons. Contrary to what at
least one of the full-disclosure follow-ups reports, it does work.



Just tried this and it didn't work, Received the below error page.  Unless
they will e-mail the link for password change eventually anyway:

Problem with Password Reset

.NET Passport is temporarily unable to complete your password reset request.
To try again, please read and complete one of the options below.



    * If the last thing you tried to do was click the Send E-mail button on
the 'Reset Your Password by Email' page, then you should click your
browser's Back button to return to that page, and then click the Send E-mail
button again. (The password reset e-mail has not been sent.)

    * If the last thing you tried to do was click either the reset or cancel
link in the 'Microsoft .NET Passport password reset' e-mail message that you
received, then you should open the 'Microsoft .NET Passport password reset'
e-mail message that you received and click the link again. (The password
reset or cancel process has not been completed.)

    * If the last thing you tried to do was finish resetting your password
by typing your new password on the 'Reset Your Password by E-mail' page,
then you should open the 'Microsoft .NET Passport password reset' e-mail
message that you received and click the link again. (The password reset
process has not been completed.)


If you take the appropriate action listed above and still cannot reset your
password, click Contact Us.



==========================================================
Chris Candreva  -- chris () westnet com -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/

----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place. http://www.securityfocus.com/BlackHat-incidents 
----------------------------------------------------------------------------

Current thread:

[Full-Disclosure] Hotmail & Passport (.NET Accounts) Vulnerability (fwd) Dan Hanson (May 07)
- Re: [Full-Disclosure] Hotmail & Passport (.NET Accounts) Vulnerability (fwd) Christopher X. Candreva (May 07)