Hotmail bug two....for netscape users! -- Code_Zero

[ Show ]

Support VoyForums

[ Shrink ]

VoyForums Announcement: Programming and providing support for this service has been a labor of love since 1997. We are one of the few services online who values our users' privacy, and have never sold your information. We have even fought hard to defend your privacy in legal cases; however, we've done it with almost no financial support -- paying out of pocket to continue providing the service. Due to the issues imposed on us by advertisers, we also stopped hosting most ads on the forums many years ago. We hope you appreciate our efforts.

Show your support by donating any amount. (Note: We are still technically a for-profit company, so your contribution is not tax-deductible.) PayPal Acct: Feedback:

Donate to VoyForums (PayPal):

[ Login ] [ Contact Forum Admin ] [ Main index ] [ Post a new message ] [ Search | Check update time ]

[ Next Thread | Previous Thread | Next Message | Previous Message ]

Date Posted: 20:14:03 09/16/00 Sat
Author: Tyrus
Subject: Hotmail bug two....for netscape users!

By setting the Cookies preference to "Accept only cookies that get sent back to the originating server", you can keep the authorization cookie that allows a user to log in to Hotmail and read the last user's mail. The authorization cookie is temporary, but it is only deleted when the browser closes.

It is possible to verify this vulnerability by doing the following:
1) In Netscape, set your cookie preference to the above.
2) Log in to any Hotmail account.
3) Choose "Sign Out".
4) From the MSN page that appears after sign-out, choose the Hotmail link.
5) You will be back in your Inbox.

Possible Fixes:
1) Set cookies to "Accept all cookies"
2) Close your browser immediately after signing out.

Tested on Netscape 4.5 and 4.6, using both the "Increased Security" and "Neither" authorization methods.

[ Next Thread | Previous Thread | Next Message | Previous Message ]