Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Subject: Vulnerability in EMURL-based e-mail providers
From: Pierre Benoit (pbenoitMAIL.COM)
Date: Mon May 15 2000 - 11:33:23 CDT

Affected Product: Emurl 2.0 For Windows NT 4.0 (possibly others)

Product information: Emurl is web-based email host developped by SeattleLab.

Impact: Users can access the mailbox's content of anybody on the system.
They can also steal their POP passwords since Emurl allows you to fetch your
POP email from more than one source.

After logging into my new mail account powered by the Emurl software, this
URL struck me:


I guess you all know where this is going. First, this identifier is based
solely on your account name. Therefore, if you create an account with the
same name on another site, you'll end up with the very same identifier.

Furthermore, this identifier can easily be determined since it is "encoded"
using the ascii value of each character of the account's name and
incremented by its position.

In this example, my user ID would be PBenoit and my resulting identifier
would be 113100104114116111123.

p = 112 + 1 = 113
b = 98 + 2 = 100
e = 101 + 3 = 104
n = 110 + 4 = 114
o = 111 + 5 = 116
i = 105 + 6 = 111
t = 116 + 7 = 123

You could fetch the e-mails here


... and view/change the account's settings here


I threw a few lines of perl together to generate this.

print "Enter your ID: ";
$_=lc(<STDIN>); chomp;
print "Your identifier is: ";
letters=split(//, $_);
for ($i = 0; $i < length($_); $i++) {
$mychar = ord($letters[$i])+$i+1;
if ($mychar < 100)
{ $mychar = (0).$mychar;}
print $mychar

Vendor status: SeattleLab is aware and the issue is addressed in their next

FREE Personalized Email at Mail.com
Sign up at