
Hijacking Yahoo, AOL, Hotmail accounts

Vulnerabilities were recently found in the popular mail services Yahoo, AOL and Hotmail that allowed access to other people's accounts.

The essence of the vulnerabilities is the same in each case: a logic error in the password-recovery flow made it possible to set a new password while bypassing the check of the user's legitimacy (the answer to a security question, and so on).

Video demo for Hotmail:

Apparently the vulnerabilities have already been patched, because I could not reproduce them. Repeating the attack is also missing a few details: in the case of Yahoo, it remains a mystery what the variable Z in the POST request had to be changed to, and for Hotmail it is unclear what to assign to the variable __V_SecretAnswerProof. But the video above is proof that the vulnerabilities were present.

In the case of Hotmail, the vulnerability was triggered when the victim used an alternate email address for password recovery. Hotmail also allows you to recover a password by answering a secret question, but no exploit was provided for that case.
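As an added illustration of the flaw class described above (this is not code from the original post or from any of the named providers): a minimal password-reset handler that trusts a client-supplied proof field, in the spirit of the client-side variable mentioned earlier, beside one that keeps the verification state server-side. The user store, field names and token lifetime are constructed assumptions.

```python
import secrets
import time

# Constructed in-memory user store (example data, not real accounts).
USERS = {"alice": {"answer": "blue", "password": "old-pass"}}

# Vulnerable flow: the server trusts a client-supplied "proof" field, so a
# request that never answered the security question still resets the password.
def vulnerable_reset(user, new_password, form):
    if form.get("answer_proof") != "verified":   # the client decides this
        return False
    USERS[user]["password"] = new_password
    return True

# Hardened flow: the verification state lives server-side. A random,
# short-lived token is issued only after the answer has actually been checked,
# and the reset step accepts nothing but that token.
_pending = {}          # token -> (user, expiry timestamp); assumed store
TOKEN_TTL_SECONDS = 600

def verify_answer(user, answer):
    rec = USERS.get(user)
    if rec is None or not secrets.compare_digest(rec["answer"].encode(),
                                                 answer.encode()):
        return None
    token = secrets.token_urlsafe(32)
    _pending[token] = (user, time.time() + TOKEN_TTL_SECONDS)
    return token

def hardened_reset(user, new_password, form):
    token = form.get("reset_token", "")
    entry = _pending.get(token)
    # Reject unknown tokens, tokens issued for another account, and expired ones.
    if entry is None or entry[0] != user or time.time() > entry[1]:
        return False
    del _pending[token]   # single use: a replayed token fails
    USERS[user]["password"] = new_password
    return True
```

A production version would also store the security answer hashed, rate-limit verify_answer, and keep the pending-token table outside process memory.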

At the moment, AOL gives an error even on an ordinary recovery attempt without any tricks:

We're sorry. There is no information to reset your password.
Please call 1-855-PWRESET (855-797-3738) for further assistance, Monday - Sunday, 8:00 AM - 10:00 PM (EST).
Verify this is your account

Please select one of the following options to verify your identity.

Alternate Email Address
Billing information
Account Security Question

Source: https://habr.com/ru/post/143369/
