[NEWS] Multiple Vulnerabilities found in Microsoft .Net Passport Services

From: SecuriTeam (support_at_securiteam.com)
Date: 05/09/03

    To: list@securiteam.com
    Date: 9 May 2003 09:55:22 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

      Multiple Vulnerabilities found in Microsoft .Net Passport Services
    ------------------------------------------------------------------------

    SUMMARY

    "Microsoft® .NET Passport is a Web-based service designed to make signing
    in to Web sites fast and easy. .NET Passport enables participating sites
    to authenticate a user with a single set of sign-in credentials,
    eliminating the need for users to remember numerous passwords and sign-in
    names." PakCERT has discovered two serious vulnerabilities in Microsoft
    .Net Passport Services which, if exploited, affect over 200 million users
    worldwide. Using these vulnerabilities and the single sign-in feature of
    Microsoft .Net Passport, an attacker can completely take control of a
    user's account, including the Hotmail email account, personal information,
    credit card numbers, shopping lists, etc., and use it on any of the .Net
    Passport participating web sites.

    DETAILS

    Issue One: Bypass Security Questions
    An attacker can bypass the security questions asked before resetting the
    password. When Microsoft Hotmail/.Net Passport users forget their
    passwords, they have to fill out a web form that requires their email
    address, state, zip code, and country. After submitting the correct
    information users are prompted to answer the secret question they entered
    during their signup for the service.

    Because of this vulnerability, Microsoft Hotmail/.Net Passport users who
    rely on questions such as "What's my name?" or "What's my favorite color?"
    could find themselves losing their accounts.

    Issue Two: Password Reset Vulnerability
    An attacker can reset any Microsoft Hotmail/.Net Passport user account
    with no prior information such as the state, zip, country, answer to the
    secret question or the old password. Normally, a user has to answer the
    security questions and then answer the secret question if he wants to
    reset his password. By exploiting this vulnerability, an attacker can
    submit a specially crafted URL to get the password reset instructions and
    reset any user's password.
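
An added example, not part of the advisory and not Microsoft's or PakCERT's code: a password-reset flow that tracks progress server-side, so the final step cannot be reached by URL alone and neither verification step described in the two issues can be skipped. The advisory withholds technical details, so the account data, function names and field names here are constructed for illustration.

```python
import hmac
import secrets

# Constructed sample account store (illustrative values, not from the advisory).
ACCOUNTS = {
    "alice@example.com": {
        "state": "CA", "zip": "90001", "country": "US",
        "secret_answer": "blue",
        "recovery_address": "alice@example.com",
    },
}

STEPS = ("identity", "secret")   # order the flow must follow
_sessions = {}                   # session id -> {"email", "done"}; server-side only


def _eq(a, b):
    """Constant-time, case-insensitive comparison of two answers."""
    return hmac.compare_digest(a.strip().lower().encode(), b.strip().lower().encode())


def start(email):
    """Open a reset session; the account is bound to it here and never re-read."""
    sid = secrets.token_urlsafe(16)
    _sessions[sid] = {"email": email, "done": []}
    return sid


def submit(sid, step, answers):
    """Check one step. Steps out of order or with wrong answers are refused."""
    sess = _sessions.get(sid)
    acct = ACCOUNTS.get(sess["email"]) if sess else None
    if acct is None or len(sess["done"]) >= len(STEPS) or STEPS[len(sess["done"])] != step:
        return False
    fields = ("state", "zip", "country") if step == "identity" else ("secret_answer",)
    if not all(_eq(answers.get(f, ""), acct[f]) for f in fields):
        _sessions.pop(sid, None)   # a failed attempt ends the session
        return False
    sess["done"].append(step)
    return True


def send_instructions(sid, request_params=None):
    """Final step: returns the delivery address, or None if any step is missing."""
    sess = _sessions.pop(sid, None)   # single use
    if not sess or tuple(sess["done"]) != STEPS:
        return None
    # request_params is ignored: account and destination never come from the URL.
    return ACCOUNTS[sess["email"]]["recovery_address"]
```
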

    Technical details:
    Due to the nature of this vulnerability and the fact that there is no fix
    available yet, no technical details are being made available with this
    advisory. Full technical details will be made available on our website
    once the vulnerability is fixed by Microsoft. Please note that we were
    forced to release this information publicly as these vulnerabilities are
    actively being exploited in the wild and are among the most severe
    vulnerabilities ever found in Microsoft Hotmail/.Net Passport.

    ADDITIONAL INFORMATION

    The information has been provided by Qazi Ahmed & Shoaib Rehman
    (qa@pakcert.org).

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

