Re: ICQ exploit

[Mikko Ruskola <mruskola () KOLUMBUS FI>]

Funny thing about this is that if you use ICQ on both linux at work and
windows at home and if you forgot your ICQ online at work you can't
drop it of by logging in with windows ICQ, but you can do it another way.
That was the case atleast with licq.


Mikko Ruskola
mruskola () kolumbus fi
------------------------
> Geo.
> This is a feature not a bug. This feature was put in so that users would not
> get an error message of "Login error, you are already logged in.." if a
> users ISP connection dropped or a users computer froze..
> The first client only gets kicked off if the second client issues the
> correct login and password.
>
> Jonathan James
>
> ----- Original Message -----
> From: "Geo." <georger () NLS NET>
> To: <VULN-DEV () SECURITYFOCUS COM>
> Sent: Monday, March 26, 2001 9:21 PM
> Subject: ICQ exploit
>
>
> > While playing around with my laptop and desktop today I noticed something
> > with ICQ.
> >
> > If you have ICQ setup on 2 machines using the same ICQ number, as soon as
> > the second machine starts ICQ up the first machine gets an error about
> your
> > ICQ number being used on another machine and immediately takes ICQ off
> line.
> >
> > I don't know the mechanism that allows this but has anyone considered an
> > exploit based upon this mechanism? Seems to me a sequential run could
> knock
> > a whole bunch of people off ICQ..
> >
> > Geo.
> >