[11913] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

BT/Cellnet Genie vulnerability

daemon@ATHENA.MIT.EDU (James Fidell)
Wed Sep 15 05:19:14 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <19990915085754.A27668@thagdal.cloud9.co.uk>
Date:         Wed, 15 Sep 1999 08:57:54 +0100
Reply-To: James Fidell <james@CLOUD9.CO.UK>
From: James Fidell <james@CLOUD9.CO.UK>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

The webmail service from BT Cellnet's Genie site appears have a vulnerability
which allows any user to read messages irrespective of their intended
recipient.  Once logged in, other messages can be retrieved by merely
changing the message-id in the URL for your own messages.

James.
--
 "Yield to temptation --             | Consultancy: james@cloud9.co.uk
  it may not pass your way again"    | http://www.cloud9.co.uk/james
                                     |
        - Lazarus Long               |              James Fidell


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[11913] in bugtraq

BT/Cellnet Genie vulnerability

daemon@ATHENA.MIT.EDU (James Fidell)Wed Sep 15 05:19:14 1999

daemon@ATHENA.MIT.EDU (James Fidell)
Wed Sep 15 05:19:14 1999