Re: [Full-Disclosure] yahoo mail image verification
From: Thierry Haven (thierry.haven_at_xmcopartners.com)
Date: Mon, 07 Feb 2005 12:18:34 +0100 To: cumhur onat <email@example.com>
After testing the French Yahoo portal, it appears that this flaw
actually exists. Let's hope they'll fix it soon. However, the impact of
a bruteforce attempt is minimal if you have a strong password by default
I've submitted this bug to Yahoo for review.
Thierry Haven - Xmco Partners
Security Consulting / Pentest
web : http://www.xmcopartners.com
cumhur onat wrote:
>Did you realized that the image verification in yahoo mail which
>appears after some insuccesfull attempts is not working properly,
>becus i can just leave it blank and continue trying, dont tell me that
>it wont work if I enter a true passwrd without the verification code .
>It works i have tried with 6 accounts and managed to enter the inbox
>after about 40 tries.
>Sorry for my bad english :(
>Hope you understand what I mean...
>Full-Disclosure - We believe in it.
Full-Disclosure - We believe in it.