BT/Cellnet Genie vulnerability

From: James Fidell (jamesat_private)
Date: Wed Sep 15 1999 - 00:57:54 PDT

Next message: Alan Cox: "Re: Hotmail security vulnerability - injecting JavaScript using"

Previous message: Matt Bruce: "Re: Default configuration in WatchGuard Firewall"
Next in thread: James Fidell: "Re: BT/Cellnet Genie vulnerability"
Reply: James Fidell: "Re: BT/Cellnet Genie vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The webmail service from BT Cellnet's Genie site appears have a vulnerability
which allows any user to read messages irrespective of their intended
recipient.  Once logged in, other messages can be retrieved by merely
changing the message-id in the URL for your own messages.

James.
--
 "Yield to temptation --             | Consultancy: jamesat_private
  it may not pass your way again"    | http://www.cloud9.co.uk/james
                                     |
        - Lazarus Long               |              James Fidell

Next message: Alan Cox: "Re: Hotmail security vulnerability - injecting JavaScript using"
Previous message: Matt Bruce: "Re: Default configuration in WatchGuard Firewall"
Next in thread: James Fidell: "Re: BT/Cellnet Genie vulnerability"
Reply: James Fidell: "Re: BT/Cellnet Genie vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:03:57 PDT