Re: [Full-Disclosure] yahoo mail image verification

From: Thierry Haven (
Date: 02/07/05

  • Next message: Martin Pitt: "[Full-Disclosure] [USN-76-1] Emacs vulnerability"
    Date: Mon, 07 Feb 2005 12:18:34 +0100
    To: cumhur onat <>

    After testing the French Yahoo portal, it appears that this flaw
    actually exists. Let's hope they'll fix it soon. However, the impact of
    a bruteforce attempt is minimal if you have a strong password by default

    I've submitted this bug to Yahoo for review.

    Thierry Haven - Xmco Partners
    Security Consulting / Pentest
    web :

    cumhur onat wrote:

    >Did you realized that the image verification in yahoo mail which
    >appears after some insuccesfull attempts is not working properly,
    >becus i can just leave it blank and continue trying, dont tell me that
    >it wont work if I enter a true passwrd without the verification code .
    >It works i have tried with 6 accounts and managed to enter the inbox
    >after about 40 tries.
    >Sorry for my bad english :(
    >Hope you understand what I mean...
    >Cumhur Onat
    >Full-Disclosure - We believe in it.

    Full-Disclosure - We believe in it.

  • Next message: Martin Pitt: "[Full-Disclosure] [USN-76-1] Emacs vulnerability"