Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
[Full-disclosure] MSN Plus Password Change Security Bypass Vulnerability
From: m0fo (editorsec.org.il)
Date: Thu Apr 07 2005 - 11:29:44 CDT
Title: MSN Plus Password Change Security Bypass Vulnerability
Publisher: m0fo (editor at sec.org.il)
Vendor: <http://www.msgplus.net> http://www.msgplus.net
MSN Plus is additional application for the MSN Messenger. Msn Plus is adding
a lot of options to the standart MSN Messenger.
One of the options is to lock your MSN Messenger with password you choose,
this way could be bypass easily because the password can be changed without
providing the old password.
all the msn plus password's protection could be bypass easily because the
vendor build it on the same way.
all the MSN Messngers and MSN Plus are vulnerable.
NOTE: successful exploitation requires that a user has logged in recently.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/