Windows >> Silly .NET Passport Vulnerability
Posted by split on 03:01:00 05-12-2003
I found this article on Slashdot.

http://securitytracker.com/alerts/2003/May/1006728.html

The vulnerability allows anyone with an IQ of 10 or above to change the password of a .NET Passport account to an arbitrary value. You simply visit a URL with strings containing the victim's email and your own and you receive an email with a link allowing you to change their password.

I'm not sure if you're still vulnerable to this attack. Thought you Messenger users might want to know about it though.
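
The flaw described in the post above comes down to a reset handler that trusts a recipient address supplied in the request. As an added example (not from the thread or from Microsoft's code; the parameter names `account` and `send_to` and the in-memory stores are assumptions), the flawed pattern is shown beside a version that mails only the address on file:

```python
import secrets

# Constructed account store: login name -> address on file (not real data).
ACCOUNTS = {"alice@example.com": "alice@example.com"}
OUTBOX = []   # (recipient, token) pairs standing in for sent mail
TOKENS = {}   # token -> account it resets


def _issue(account, recipient):
    """Create a one-time reset token and 'mail' it to recipient."""
    token = secrets.token_urlsafe(32)
    TOKENS[token] = account
    OUTBOX.append((recipient, token))
    return token


def reset_vulnerable(params):
    """Flawed pattern: the delivery address comes from the request."""
    account = params.get("account")
    if account in ACCOUNTS:
        _issue(account, params.get("send_to"))  # caller chooses recipient
    return "If the account exists, a reset mail was sent."


def reset_hardened(params):
    """Deliver only to the address stored for the account."""
    account = params.get("account")
    on_file = ACCOUNTS.get(account)
    if on_file is not None:
        _issue(account, on_file)  # request-supplied recipient is ignored
    return "If the account exists, a reset mail was sent."


def recipients_for(handler, params):
    """Run one handler on a clean outbox and return who got mail."""
    OUTBOX.clear()
    TOKENS.clear()
    handler(params)
    return [rcpt for rcpt, _ in OUTBOX]


if __name__ == "__main__":
    # Constructed request: account owner and a different delivery address.
    req = {"account": "alice@example.com", "send_to": "other@example.net"}
    print("vulnerable:", recipients_for(reset_vulnerable, req))
    print("hardened:  ", recipients_for(reset_hardened, req))
```
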
Posted by dxprog on 06:47:00 05-12-2003
I saw that report also. The problem is supposed to be fixed now. They took down that URL temporarily, so if you've forgotten your password you're out of luck until they totally fix it.
Posted by eosp on 12:25:00 09-23-2003
I thought even M$ was smart enough to do such a thing, but I guess it all started when Windows 1.0 came out.