address.com: email vulnerability
From: wannabe anonymousplease (i_wanna_be_anonymous@yahoo.com)Date: 01/09/02
- Previous message: user@compulabs.dhs.org: "autoresponder program could be tricked by spamers to send unsolicited mail to victim's address"
- Next in thread: Robert Ellis: "RE: address.com: email vulnerability"
- Reply: Robert Ellis: "RE: address.com: email vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 8 Jan 2002 18:52:31 -0800 (PST) From: wannabe anonymousplease <i_wanna_be_anonymous@yahoo.com> To: bugtraq@securityfocus.com
www.address.com has a vulnerability that allows
reading the email of other users. address.com offers,
among other things, free email (similar to
hotmail.com).
However, the registration allows you to overwrite
existing accounts. If it does, the password is
overwritten, and the new user takes
control of the account (the former user will no longer
know the password).
However, the emails of the former user remain. In
attempting to ask address.com to look into this issue,
I was told they couldn't help because I wasn't a
premium member.
__________________________________________________
Do You Yahoo!?
Send FREE video emails in Yahoo! Mail!
http://promo.yahoo.com/videomail/
- Previous message: user@compulabs.dhs.org: "autoresponder program could be tricked by spamers to send unsolicited mail to victim's address"
- Next in thread: Robert Ellis: "RE: address.com: email vulnerability"
- Reply: Robert Ellis: "RE: address.com: email vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
