[8988] in bugtraq
Bigfoot/Bellsouth Webmail bug
daemon@ATHENA.MIT.EDU (Madere, Russel)
Fri Jan 8 12:50:16 1999
Date: Fri, 8 Jan 1999 07:07:20 -0600
Reply-To: "Madere, Russel" <rmadere@STEI.COM>
From: "Madere, Russel" <rmadere@STEI.COM>
To: BUGTRAQ@NETSPACE.ORG
I seem to have found another "bug" with the Bigfoot/Bellsouth Webmail.
Users can log back into the service from cached pages. This is a huge
security hole, especially for users access these services from public
terminals. Subsequent users can just use the back button to go back in the
previous session history and log in as the previous user.
Russel Madere, Jr.
Stewart Enterprises, Inc.