Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Webmail.bellsouth.net security problemsLeonid S. Knyshov (wiseleoBEST.COM)
Tue, 25 Aug 1998 15:39:11 -0700
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Marc Slemko: "Re: Webmail.bellsouth.net security problems"
- Previous message: Jonathan A. Zdziarski - Systems Administrator: "Re: Serious Security Hole in Hotmail"
- Next in thread: Marc Slemko: "Re: Webmail.bellsouth.net security problems"
Dear Bugtraq readers and security at Bellsouth Upon examining my log files, I came across an interesting fact. Background: As part of my Internet marketing efforts, I read web log files daily to see if anything interesting comes up. Just today I was reading my logs this way: grep welcome.html access.log And among others there was this entry: *.*.*.* - - [25/Aug/1998:07:28:02 -0700] "GET /welcome.html HTTP/1.0" 20 0 4427 "http://webmail.bellsouth.net/WebEmail?FormName=ReadMail&WebMail-Action=W ebMail-MessageContent&WebMail-MsgNdx=3&WebMail-St=&WebMail-MailBox=INBOX&SEQ=Xnn -43_tE0_PB9GePBFs8txjXohB-IdE&WebMail-MsgCount=69&locale=en&ver=2.0.0&dyn=" "Moz illa/3.02Gold (WinNT; I)" Naturally that sparked my interest, so I went to that exact same URL. I was greeted with a message that 2 hours passed and I am logged off, but that's not a good thing. Concerns: Bellsouth.net webmail customers accounts may be easily abused Investigation: Just created an account to check out features, POP3 access without additional authentication I presume Oh my God... There is a tab "Personal Info" *gasp*... Address, phone number, place of work, etc. Obviously this is unacceptable. Incredibly easy to bypass security. One attack would be: to: unsuspecting_userwebmail.bellsouth.net subject: check out my site! Hey buddy, check out my site! http://www.crashproofpc.com If they click they send me their UNLOCKED mailibox location via HTTP_REFERER, and if I have access to log files, I can easily get into that account and cause a great deal of trouble. I won't go into any further details :) -- Leonid S. Knyshov Information Technology Consultant Crashproof Solutions - "Keeping true to our name!" http://www.crashproofpc.com