Full Disclosure mailing list archives

Insecure password recovery policy [Forgot password...] in Hotmail!


From: bipin gautam <visitbipin () yahoo com>
Date: Wed, 28 Jan 2004 17:25:45 -0800 (PST)

Explanation:

A person could gain useful info. about
VICTIM () hotmail com that could be used in password
recovery... even an illegitimate user, by simply
"getting a LEGITIMATE reply" from VICTIM () hotmail com
;o)
Strange!
Firstly, the simple trick is to make him/her
[whome_he_wanna_hack () hotmail com] just reply to you...
WITH ANYTHING! [Maybe... BY ASKING FOR SOMETHING
...Indeed painless!] As soon as the attacker gets an
email reply from VICTIM () hotmail com, the attacker
then simply looks at the email header, & finds
VICTIM () hotmail com's country's GMT time through his
email header [ ... which was used by
"VICTIM () hotmail com" while registering HOTMAIL!]

A TYPICAL HEADER WOULD LOOK LIKE
----------------------------------
X-Originating-IP: [*.*.*.*] 
X-Originating-Email: [VICTIM () hotmail com] 
Received: from *.*.*.*by lw10fd.law10.hotmail.msn.com
with HTTP;Wed, 13 Aug 2003 13:40:38 +5:45 GMT
----------------------------------
Using his grade 3 maths skills, (o: the attacker
could then effectively predict the victim's
country/STATE name [ ... which was used by the
"victim" while registering HOTMAIL!] just by knowing
his +/- **:** GMT through the email header of
VICTIM () hotmail com.
This info. could be very effectively used in the password
recovery policy of Hotmail!
Well, with about 40% of the holy grail OBTAINED!
........ all the attacker now has to do is guess a
simple/'SENSIBLE' secret answer [most of the time...]
before he gets full control of VICTIM () hotmail com's
INBOX!
________________________________________________________
Microsoft REPLIED to me, pointing out ... a SUPPOSEDLY
similar issue!

[quote] -> 3rd para., LAST LINE!

http://www.informationweek.com/story/showArticle.jhtml?articleID=10817862
If the attacker knew the victim's E-mail address and
basic geographic location information, accounts would
be at risk, the advisory stated. 
[/quote]

[quote] -> 4th para.
The vulnerability appears to be minor, says John
Pescatore, research director at Gartner. The fact that
an attacker would have to enter city, state, and ZIP
code information to exploit the security hole would
have prevented widespread automated identity theft, he
says. "It would generally prevent automated attacks
and at least require me to know two pieces of data
about a target E-mail account," he says. 
[/quote]


Well, I read the issue! But MARK THAT, ....... I
submitted to you a technique to predict the
country/state by which it could be predicted!!! ...

Aren't the words... "MAYBE.. if" and "this is how..."
different???
___________________________________________
WHAT DO YOU SAY, guys?


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
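The whole post rests on one observation: the headers a webmail service stamps on outgoing mail (X-Originating-IP and the zone offset in Received/Date) reveal where the sender is, and that is exactly the "basic geographic location" a recovery flow may later ask for. The following Python is an added example, not code from the post or from Microsoft, written from the mail administrator's side: it unfolds a raw header block, reports which fields disclose location hints, and strips the X-Originating-* fields a service can choose not to emit. The sample header is constructed (TEST-NET addresses, an .invalid domain) and mirrors the shape of the one quoted above, including the non-standard "+5:45 GMT" zone spelling next to the RFC 5322 form "+0545", so the parser accepts both.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample header modelled on the shape of the post's example; it is not
# a real capture. 192.0.2.10 is a documentation address, example.invalid a reserved
# domain. The Received line uses the loose "+5:45 GMT" zone the post shows, the
# Date line the standard four-digit "+0545" form.
SAMPLE_HEADER = """\
X-Originating-IP: [192.0.2.10]
X-Originating-Email: [victim@example.invalid]
Received: from 192.0.2.10 by mx.example.invalid
  with HTTP; Wed, 13 Aug 2003 13:40:38 +5:45 GMT
Date: Wed, 13 Aug 2003 13:40:38 +0545
From: victim@example.invalid
"""

# A zone offset: sign, one or two hour digits, optional colon, two minute digits,
# preceded by whitespace and followed by "GMT"/"UTC", a comment, or end of value.
ZONE_RE = re.compile(r"(?<=\s)([+-])(\d{1,2}):?(\d{2})(?=\s*(?:GMT|UTC|\(|$))")

# Header fields that exist only to disclose the submitting client's address.
DISCLOSING_PREFIX = "x-originating-"


def unfold_headers(raw: str) -> List[Tuple[str, str]]:
    """Split a raw header block into (name, value) pairs, joining folded
    continuation lines (those starting with whitespace) onto the previous field.
    Names keep their original case; callers compare them case-insensitively."""
    fields: List[Tuple[str, str]] = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and fields:
            name, value = fields[-1]
            fields[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, _, value = line.partition(":")
            fields.append((name.strip(), value.strip()))
    return fields


def parse_utc_offset(value: str) -> Optional[int]:
    """Return the zone offset, in minutes east of UTC, found in a Date or
    Received value. Accepts both "+0545" and the loose "+5:45" spelling;
    returns None when no offset is present."""
    match = ZONE_RE.search(value)
    if not match:
        return None
    sign, hours, minutes = match.groups()
    total = int(hours) * 60 + int(minutes)
    return -total if sign == "-" else total


def disclosure_report(raw: str) -> dict:
    """Summarise what a header block reveals about the sender's location:
    the originating IP (if stamped) and every zone offset in Date/Received."""
    report = {"originating_ip": None, "utc_offsets": []}
    for name, value in unfold_headers(raw):
        lname = name.lower()
        if lname == "x-originating-ip":
            report["originating_ip"] = value.strip("[]")
        elif lname in ("date", "received"):
            offset = parse_utc_offset(value)
            if offset is not None:
                report["utc_offsets"].append(offset)
    report["leaks_location_hints"] = bool(
        report["originating_ip"] or report["utc_offsets"]
    )
    return report


def strip_disclosing_fields(raw: str) -> str:
    """Return the header block without the X-Originating-* fields. The zone
    offset in Date cannot be removed (RFC 5322 requires one), so that part of
    the leak has to be addressed by what zone the submitting service stamps."""
    kept = [
        f"{name}: {value}"
        for name, value in unfold_headers(raw)
        if not name.lower().startswith(DISCLOSING_PREFIX)
    ]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    print(disclosure_report(SAMPLE_HEADER))
    print(strip_disclosing_fields(SAMPLE_HEADER))
```

Running it on the constructed sample reports an originating IP and two offsets of 345 minutes (UTC+05:45) from the two differently spelled zones. Stripping X-Originating-* removes the address, but the Date offset remains, which is why the zone a webmail front end writes into Date (the server's rather than the user's profile zone) matters as much as which X- headers it adds.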

