|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
reallyanonymous
hush.com
Date: Wed Nov 04 2009 - 17:00:20 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Moderate vulnerability in argentinean ARNET isp webmail.
well, there is some kind of weakened authentication on the webmail
of Arnet
(webmail.arnet.com.ar) to access any account all you need is to
guess the first 8 characters of the password, even if the password
is 9,10,11,12,14 or more characters long. This password is the same
than ADSL access acount.
for example:
For this account
johndoearnet.com.ar
password:a1a2a3a4a5a6a7a8a9a0
you only need (first 8 character)
johndoearnet.com.ar
password:a1a2a3a4
ADSL account in this case is
Name: johndoearnet
Password:a1a2a3a4a5a6a7a8a9a0
there are no anti bruteforce mecanism so you can guess almost any
account within a couple of hours.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]