mailing list archives
Re: User Enumeration Flaw
From: "Dave Korn" <davek_throwaway () hotmail com>
Date: Mon, 20 Feb 2006 14:03:15 -0000
Mar.Shatz () education gov il wrote:
whitehouse.gov MX 100 mailhub-wh2.whitehouse.gov
noone () box:~$
noone () box:~$ telnet mailhub-wh2.whitehouse.gov 25
Connected to mailhub-wh2.whitehouse.gov.
Escape character is '^]'.
220 whitehouse.gov ESMTP service at Sun, 12 Feb 2006 11:29:38 -0500
(EST) helo jojo
250 esgeop03.whitehouse.gov Hello [xxx.xxx.xxx.xxx], pleased to meet
you mail from:bob () com com
250 2.1.0 bob () com com Sender ok
rcpt to:gbush () whitehouse gov
550 5.1.1 gbush () whitehouse gov User unknown
rcpt to:president () whitehouse gov
250 2.1.5 president () whitehouse gov Recipient ok
221 2.0.0 esgeop03.whitehouse.gov closing connection
Connection closed by foreign host.
User enumeration at the whitehouse
Tell DHS at once! What would happen if Al-Qaeda could figure out that
there was a president in the whitehouse?
Can't think of a witty .sigline today....
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/