address.com: email vulnerability

From: wannabe anonymousplease (i_wanna_be_anonymousat_private)
Date: Tue Jan 08 2002 - 18:52:31 PST

Next message: Derek Callaway: "cgiaudit release information"

Previous message: NOKUBI Takatsugu: "Re: Details on the updated namazu packages that are available"
Next in thread: Robert Ellis: "RE: address.com: email vulnerability"
Reply: Robert Ellis: "RE: address.com: email vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

www.address.com has a vulnerability that allows
reading the email of other users. address.com offers,
among other things, free email (similar to
hotmail.com). 

However, the registration allows you to overwrite
existing accounts. If it does, the password is
overwritten, and the new user takes
control of the account (the former user will no longer
know the password).

However, the emails of the former user remain. In
attempting to ask address.com to look into this issue,
I was told they couldn't help because I wasn't a
premium member.



__________________________________________________
Do You Yahoo!?
Send FREE video emails in Yahoo! Mail!
http://promo.yahoo.com/videomail/

Next message: Derek Callaway: "cgiaudit release information"
Previous message: NOKUBI Takatsugu: "Re: Details on the updated namazu packages that are available"
Next in thread: Robert Ellis: "RE: address.com: email vulnerability"
Reply: Robert Ellis: "RE: address.com: email vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jan 10 2002 - 20:38:18 PST