Re: Multiple Vulnerabilities found in Microsoft .Net Passport Ser vices

From: Henry Troup (HenryT_at_WATCHFIRE.COM)
Date: 05/08/03

  • Next message: Arnott, Barnaby J.: "Re: Alert: Microsoft Security Bulletin - MS03-010"
    Date:         Thu, 8 May 2003 11:37:47 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    ...

    Issue Two: Password Reset Vulnerability

    ...

    Microsoft has apparently corrected this - I tried it, and the email was
    correctly sent to my stored preferred email, not accepting the override in
    the URL.

    Henry Troup
    Watchfire Corporation
    1 Hines Rd., Kanata,
    ON K2K 3C7
    +1 613 599-3888 x4048

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Delivery co-sponsored by IP3 Inc.
    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    SECURITY QUESTIONS? We've got answers...Apply for a scholarship and become
    TICSA certified.

    Do not miss your opportunity to discover solutions to what our participants
    have identified as their top 5 IT Security Challenges. You will return to
    work better prepared to put into place an effective security strategy
    utilizing the latest security tools, bookmarks and URL's.

    <http://www.ip3seminars.com>

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo


  • Next message: Arnott, Barnaby J.: "Re: Alert: Microsoft Security Bulletin - MS03-010"

    Relevant Pages

    • [NT] Cumulative Security Update for Internet Explorer (MS04-025)
      ... Get your security news from a reliable source. ... * Microsoft Windows NT Workstation 4.0 Service Pack 6a ... Navigation Method Cross-Domain Vulnerability ...
      (Securiteam)
    • SecurityFocus Microsoft Newsletter #75
      ... Microsoft's Internet Security & Acceleration Server with fault-tolerance ... The Microsoft UPnP Vulnerability ... Relevant URL: ...
      (Focus-Microsoft)
    • SecurityFocus Microsoft Newsletter #120
      ... Strengthening Network Security: FREE Guide Network security is a ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Windows File Protection Signed File Replacement... ... PlatinumFTPServer Information Disclosure Vulnerability ...
      (Focus-Microsoft)
    • Re: A 6% fix from Microsoft Security Bulletin MS03-040 - 828750
      ... Now if the geeks over at Microsoft could get "infected" with some of this ... The Internet is already mind blowing in the way it can bring people ... that creates an unacceptable risk of security compromise and we need to shut ... down all Internet browsing with IE. ...
      (microsoft.public.win2000.security)
    • SecurityFocus Microsoft Newsletter # 87
      ... Meeting IT Security Benchmarks Through IT Audits ... MICROSOFT VULNERABILITY SUMMARY ... Bypassing Windows 2000 Domain Password settings ...
      (Focus-Microsoft)