[23787] in bugtraq
Re: myvoicestream.com vulnerability
daemon@ATHENA.MIT.EDU (Scott Dier)
Wed Jan 9 23:19:54 2002
Date: Wed, 9 Jan 2002 21:06:34 -0600
From: Scott Dier <dieman@ringworld.org>
To: Trey Valenta <trey@anvils.org>
Cc: bugtraq@securityfocus.com
Message-ID: <20020109210634.I26419@ringworld.org>
In-Reply-To: <20020109143038.B744@anvils.org>
* Trey Valenta <trey@anvils.org> [020109 18:35]:
> myvoicestream.com allows VoiceStream Wireless customers to manage their
> phones and billing accounts over SSL. Access controls to sessions are
You missed the worst of it:
If you go to the 'update profile' page and view source, you can see the
currently set password. (Web authors: please stop doing this, please
leave those blank, please require reauthentication when resetting
passwords. I've found another site today apart from that that I just
notified the vendor of...)
Thus: you can hijack a session and gain a potentially re-used common
password and compromise a person's other accounts with that gained
information.
-- 
Scott Dier <dieman@ringworld.org> http://www.ringworld.org/
the desire for space travel is a metaphor for escape
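The check below is an added example, not part of the original message or of any vendor's code: it scans a rendered page for the condition described above, a password field sent to the browser with its value already filled in. The SECRET_NAME_HINTS list, the function names and both sample pages are constructed assumptions.

```python
from html.parser import HTMLParser

class PrefilledSecretFinder(HTMLParser):
    """Collect <input> fields that send a stored secret back to the browser."""

    # Assumption: field names containing these substrings hold credentials.
    SECRET_NAME_HINTS = ("pass", "pwd")

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (line number, field name, reason)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names before this call.
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}  # valueless attributes arrive as None
        if not a.get("value", "").strip():
            return  # blank or absent value: nothing is disclosed in the source
        ftype = a.get("type", "text").strip().lower()
        name = a.get("name", "")
        line = self.getpos()[0]
        if ftype == "password":
            self.findings.append((line, name, "password input is pre-filled"))
        elif any(hint in name.lower() for hint in self.SECRET_NAME_HINTS):
            self.findings.append((line, name, f"{ftype} input carries a secret-looking value"))

def find_prefilled_secrets(html):
    """Return findings for one HTML document given as a string."""
    finder = PrefilledSecretFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: a profile form that echoes the stored password.
LEAKY_PAGE = """<form action="/profile" method="post">
<input type="text" name="email" value="user@example.com">
<INPUT TYPE="Password" NAME="password" VALUE="hunter2">
<input type="hidden" name="old_passwd" value="hunter2">
</form>"""

# Constructed sample: password fields left blank, current password asked for again.
SAFE_PAGE = """<form action="/profile" method="post">
<input type="text" name="email" value="user@example.com">
<input type="password" name="current_password" value="">
<input type="password" name="new_password">
</form>"""

if __name__ == "__main__":
    for line, name, reason in find_prefilled_secrets(LEAKY_PAGE):
        print(f"line {line}: {name!r}: {reason}")
```

Run over the authenticated pages of a site under test, any finding means the server holds the password in recoverable form and is writing it into page source.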