Full Disclosure mailing list archives
MSN Plus Password Change Security Bypass Vulnerability
From: "m0fo" <editor () sec org il>
Date: Sat, 5 Nov 2005 19:34:14 +0200
MSN Plus Password Change Security Bypass Vulnerability date: 05.11.2005 publisher: m0fo (editor at sec.org.il) vendor: www.msgplus.net <http://www.msgplus.net/> Msn Plus! is additional aplication for MSN Messenger. This application adding a lot of new options into the MSN Messenger so it will be easier to use it. One of the application's option is to set a password witch lock the application, lock the logs, etc. its easy to set password for this, but its much easier to change it, while someone trying to change password that already set, he doesnt need to fill in the old password, this may cause a malicious user to take control over the application, maybe reading your talks, locking your MSN, etc. all versions of that MSN Plus! are vulnerable to this flow, my advice is not to use it. <http://www.msgplus.net>
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- MSN Plus Password Change Security Bypass Vulnerability m0fo (Nov 05)