Re: [Full-Disclosure] yahoo mail image verification

From: Thierry Haven (thierry.haven_at_xmcopartners.com)
Date: 02/07/05

  • Next message: Martin Pitt: "[Full-Disclosure] [USN-76-1] Emacs vulnerability"
    Date: Mon, 07 Feb 2005 12:18:34 +0100
    To: cumhur onat <cumhuronat@gmail.com>
    
    

    After testing the French Yahoo portal, it appears that this flaw
    actually exists. Let's hope they'll fix it soon. However, the impact of
    a brute-force attempt is minimal if you have a strong password by default
    ...

    I've submitted this bug to Yahoo for review.

    _______________________________________
    Thierry Haven - Xmco Partners
    Security Consulting / Pentest
    web : http://www.xmcopartners.com

    cumhur onat wrote:

    >Did you realize that the image verification in Yahoo Mail, which
    >appears after some unsuccessful attempts, is not working properly,
    >because I can just leave it blank and continue trying? Don't tell me that
    >it won't work if I enter a true password without the verification code.
    >It works; I have tried with 6 accounts and managed to enter the inbox
    >after about 40 tries.
    >Sorry for my bad English :(
    >Hope you understand what I mean...
    >Cumhur Onat
    >_______________________________________________
    >Full-Disclosure - We believe in it.
    >Charter: http://lists.netsys.com/full-disclosure-charter.html
    >
    >
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
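
The flaw discussed in this thread, modeled as an added example (not code from the original posts or from Yahoo): a login handler that requires a challenge after repeated failures, shown with and without server-side enforcement of the answer. The class and function names, the threshold of 3 and the sample account are assumptions constructed for illustration.

```python
import hmac

CAPTCHA_THRESHOLD = 3  # assumed: failed attempts before a challenge is required


class LoginService:
    """Constructed in-memory model of a login endpoint (hypothetical names)."""

    def __init__(self, users, enforce_captcha):
        self.users = users                # username -> password (plaintext only in this demo)
        self.enforce_captcha = enforce_captcha
        self.failures = {}                # username -> consecutive failed attempts
        self.challenges = {}              # username -> expected challenge answer

    def captcha_required(self, username):
        return self.failures.get(username, 0) >= CAPTCHA_THRESHOLD

    def issue_challenge(self, username, answer):
        # A real service generates the answer itself and renders it as an image.
        self.challenges[username] = answer

    def _captcha_ok(self, username, supplied):
        expected = self.challenges.pop(username, None)  # each challenge is single use
        if expected is None or not supplied:
            return False                                # blank or unsolicited answer
        return hmac.compare_digest(expected.encode(), supplied.encode())

    def login(self, username, password, captcha=""):
        if self.captcha_required(username) and self.enforce_captcha:
            # Hardened path: the password is not evaluated until the challenge passes.
            if not self._captcha_ok(username, captcha):
                self.failures[username] += 1
                return "captcha_failed"
        # With enforce_captcha=False the challenge is display-only, so a blank
        # answer falls through to the password check (the reported behaviour).
        stored = self.users.get(username)
        if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
            self.failures.pop(username, None)
            return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        return "bad_password"


def blank_captcha_login(enforce_captcha):
    """Exceed the threshold, then submit the right password with a blank answer."""
    svc = LoginService({"alice": "correct horse"}, enforce_captcha)  # constructed account
    for _ in range(CAPTCHA_THRESHOLD):
        svc.login("alice", "wrong")
    svc.issue_challenge("alice", "x7k2p")
    return svc.login("alice", "correct horse", captcha="")
```

A regression test for this class of bug asserts that, once the threshold is crossed, a correct password with a blank or stale answer is rejected before the password comparison runs.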

