[23810] in bugtraq
address.com: email vulnerability
daemon@ATHENA.MIT.EDU (wannabe anonymousplease)
Thu Jan 10 23:36:09 2002
Message-ID: <20020109025231.65026.qmail@web14604.mail.yahoo.com>
Date: Tue, 8 Jan 2002 18:52:31 -0800 (PST)
From: wannabe anonymousplease <i_wanna_be_anonymous@yahoo.com>
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
www.address.com has a vulnerability that allows
reading the email of other users. address.com offers,
among other things, free email (similar to
hotmail.com).
However, the registration allows you to overwrite
existing accounts. If it does, the password is
overwritten, and the new user takes
control of the account (the former user will no longer
know the password).
However, the emails of the former user remain. In
attempting to ask address.com to look into this issue,
I was told they couldn't help because I wasn't a
premium member.
__________________________________________________
Do You Yahoo!?
Send FREE video emails in Yahoo! Mail!
http://promo.yahoo.com/videomail/
