A vulnerability in Microsoft's Passport service opens a security hole that exposes Netscape users of the Hotmail mail service.
By making a single settings change in Netscape, the next user who logs on to Hotmail on the same machine gets complete access to the previous user's mailbox.
Credit:
This vulnerability has been discovered by: Pete Krawczyk.
With the Cookies preference set to "Accept only cookies that get sent back to the originating server", the authorization cookie that logs a user in to Hotmail survives "Sign Out", so the next person at the same browser can read the previous user's mail. The authorization cookie is a session cookie: it carries no expiry date, so it is only discarded when the browser is closed, not when the user signs out.
The vulnerability can be verified as follows:
1) In Netscape, set your cookie preference to the above.
2) Log in to any Hotmail account.
3) Choose "Sign Out".
4) From the MSN page that appears after sign-out, choose the Hotmail link.
5) You will be back in your Inbox, still signed in, even though you chose "Sign Out".
Possible Fixes:
1) Set cookies to "Accept all cookies", so that the sign-out can clear the authorization cookie.
2) Close your browser immediately after signing out, which discards the session cookie.
Note that both are client-side workarounds. Someone with earlier access to a shared machine can change the cookie preference before the victim logs in, so fix 1 only helps if the setting is checked before each session; closing the browser is the more reliable of the two.
Tested on Netscape 4.5 and 4.6, using both the "Increased Security" and "Neither" authorization methods.
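The following simulation is an added example, not code from the original advisory, Netscape or Microsoft. It replays the reproduction steps above with a Netscape-style cookie jar under both preferences, and contrasts a mail server that relies on the browser dropping the cookie (the behaviour the advisory describes) with one that revokes the session on the server at sign-out, which is the check a service should do regardless of what the client does with its cookies. The host names, and the assumption that the Set-Cookie clearing the authorization cookie is delivered while the browser is already on the portal page (so the "originating server only" preference treats it as a third-party cookie and rejects it), are assumptions made for the simulation.

```javascript
// Added simulation; not code from the original advisory, Netscape or Microsoft.
// Assumptions: the host names below, and that the cookie-clearing response
// after Sign Out arrives while the browser is on the portal page.

const MAIL_HOST = "mail.example";     // assumed stand-in for the Hotmail host
const PORTAL_HOST = "portal.example"; // assumed stand-in for the MSN page shown after Sign Out

// Cookie jar with the two Netscape preferences from the advisory.
//   "all":         accept every Set-Cookie.
//   "originating": accept a Set-Cookie only if the server sending it is the
//                  host of the page being viewed (no third-party cookies).
class CookieJar {
  constructor(policy) {
    this.policy = policy;
    this.store = new Map();
  }
  // pageHost:   host of the document the browser is showing.
  // cookieHost: server that sent the Set-Cookie header.
  // value null models "Set-Cookie: name=; expires=<past date>", i.e. deletion.
  // Returns true if the change was applied, false if the policy blocked it.
  setCookie(pageHost, cookieHost, name, value) {
    if (this.policy === "originating" && pageHost !== cookieHost) return false;
    if (value === null) this.store.delete(name);
    else this.store.set(name, value);
    return true;
  }
  get(name) {
    return this.store.has(name) ? this.store.get(name) : null;
  }
}

// Mail server keyed by session token. `revokeOnSignOut` selects the
// vulnerable behaviour (token stays valid; only the cookie is cleared)
// or the hardened one (token invalidated server-side on Sign Out).
class MailServer {
  constructor(revokeOnSignOut) {
    this.revokeOnSignOut = revokeOnSignOut;
    this.sessions = new Map();
    this.counter = 0;
  }
  login(user) {
    const token = `sess-${++this.counter}`;
    this.sessions.set(token, user);
    return token;
  }
  signOut(token) {
    if (this.revokeOnSignOut) this.sessions.delete(token);
  }
  // Whose inbox a presented token opens, or null if it is not a live session.
  inboxOwner(token) {
    return this.sessions.has(token) ? this.sessions.get(token) : null;
  }
}

// Walk through the advisory's steps 2-5 on one shared machine and report
// whether Sign Out cleared the cookie and whose inbox the next visitor sees.
function runScenario(policy, revokeOnSignOut) {
  const jar = new CookieJar(policy);
  const server = new MailServer(revokeOnSignOut);

  // Step 2: first user logs in at the mail host; the auth cookie is first-party.
  const token = server.login("alice");
  jar.setCookie(MAIL_HOST, MAIL_HOST, "auth", token);

  // Step 3: Sign Out. The clearing Set-Cookie for the mail host is delivered
  // while the browser is already on the portal page (assumption, see above).
  server.signOut(token);
  const cookieCleared = jar.setCookie(PORTAL_HOST, MAIL_HOST, "auth", null);

  // Steps 4-5: the next visitor follows the Hotmail link; the browser sends
  // whatever "auth" cookie it still holds for the mail host.
  const presented = jar.get("auth");
  const inboxOpenedAs = presented === null ? null : server.inboxOwner(presented);
  return { cookieCleared, inboxOpenedAs };
}

// Advisory's setting, cookie-only sign-out: the previous user's inbox opens.
console.log(runScenario("originating", false)); // { cookieCleared: false, inboxOpenedAs: 'alice' }
// Workaround 1 ("Accept all cookies"): the clearing cookie is honoured.
console.log(runScenario("all", false));         // { cookieCleared: true, inboxOpenedAs: null }
// Server-side revocation: the stale cookie is useless whatever the browser did.
console.log(runScenario("originating", true));  // { cookieCleared: false, inboxOpenedAs: null }
```

The third run is the point a practitioner should take away: a "Sign Out" that only asks the browser to drop a cookie depends on client cookie policy, a shared-machine attacker can change that policy in advance, and only server-side invalidation of the session token makes the replayed cookie worthless. Workaround 2 (closing the browser) corresponds to discarding the jar entirely and is not modelled separately.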