
Bugtraq mailing list archives

Re: MSN contact list disclosure
From: Tom McAdam <tomc () future-i com>
Date: Sun, 10 Feb 2002 10:28:41 +0000 (GMT)

On Fri, 8 Feb 2002, Tom Micklovitch wrote:

Exploit:

Register an account for MSN messenger, make some contact email
addresses, leave the account for 31 days. On a different machine (to
ensure there's no cache), go to the sign up section of MSN messenger,
sign up again, using the same screen name. You'll be able to see the
previous user's contact list.

-- snip -- 

This issue was initially reported back in August 2000 to Bugtraq [1] by
James Nelson.

Microsoft did respond [2] but must've decided it wasn't an issue... all
those lovely graphical updates to make Messenger look pretty were
obviously deemed more important.


[1] http://www.securityfocus.com/archive/1/76183
[2] http://www.securityfocus.com/archive/1/76388
