|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Full-disclosure] MSN Plus Password Change Security Bypass Vulnerability
From: m0fo (editor
sec.org.il)
Date: Thu Apr 07 2005 - 11:29:44 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Title: MSN Plus Password Change Security Bypass Vulnerability
Risk: Medium
Date: 07.04.2005
Publisher: m0fo (editor at sec.org.il)
Source: http://sec.org.il/articles.php?a=187
Vendor: <http://www.msgplus.net> http://www.msgplus.net
MSN Plus is additional application for the MSN Messenger. Msn Plus is adding
a lot of options to the standart MSN Messenger.
One of the options is to lock your MSN Messenger with password you choose,
this way could be bypass easily because the password can be changed without
providing the old password.
all the msn plus password's protection could be bypass easily because the
vendor build it on the same way.
all the MSN Messngers and MSN Plus are vulnerable.
NOTE: successful exploitation requires that a user has logged in recently.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]