Search Again: Re: Security Issue From: Mike Bacher Date: Saturday, January 11, 2003 Time: 1:21:07 pm At 12:22 PM 1/11/2003 -0800, you wrote: >ISP List wrote: > > > Yes. Customer A knows his login name (joe) but not his password, and puts > > "joe" in the field for password recovery with his correct zip code. Since > > he (joe) has no Override E-mail address or E-mail addresses, OG is assuming > > that "joe@domain.com" is him and it sends that password there, but in > > reality "joe@domain.com" belongs to Customer B. > >If "joe" is his login, that's all that is required... it has nothing to do >with override email (as far as searching for the customer)... > >It *only* searches against login... > > - Shawn err maybe we aren't talking about the same thing here. I am talking about the Password Recovery feature in the Customer Web Interface. If Customer A goes to that web page and puts in his login (joe) and his accurate zip code, and he has no E-mail addresses or Override E-mail specified inside OG, it sends the E-mail with his password to "joe@<main domain>", which actually belongs to Customer B. --Mike --------------------------------------------------- To subscribe, unsubscribe or to search list archive please visit http://www.optigold.com/lists/isp.html ---------------------------------------------------

Messages In This Thread: Security issue by Eivind Ravndal on Apr 29, 2002 at 8:19:48 am Re: Security issue by Shawn Hogan on Apr 30, 2002 at 10:26:09 pm Security Issue by Mike Bacher on Jan 11, 2003 at 10:24:13 am Re: Security Issue by Shawn Hogan on Jan 11, 2003 at 11:13:42 am Re: Security Issue by Mike Bacher on Jan 11, 2003 at 11:58:41 am Re: Security Issue by Shawn Hogan on Jan 11, 2003 at 12:22:56 pm Re: Security Issue by Mike Bacher on Jan 11, 2003 at 1:21:07 pm Re: Security Issue by Jeff Folk on Jan 11, 2003 at 4:47:30 pm Re: Security Issue by Mike Bacher on Jan 11, 2003 at 5:04:27 pm Re: Security Issue by Jeff Folk on Jan 11, 2003 at 5:06:19 pm Re: Security Issue by Jeff Folk on Jan 11, 2003 at 5:21:09 pm Re: Security Issue by Jeff Folk on Jan 11, 2003 at 5:31:59 pm Re: Security Issue by Mike Bacher on Jan 11, 2003 at 9:27:39 pm Re: Security Issue by Mike Bacher on Jan 11, 2003 at 9:31:18 pm Re: Security Issue by Mike Bacher on Jan 11, 2003 at 9:32:49 pm Re: Security Issue by Jeff Folk on Jan 12, 2003 at 7:19:23 am Re: Security Issue by Mike Bacher on Jan 12, 2003 at 10:07:22 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:37:39 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:38:48 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:40:21 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:43:01 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:45:48 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:47:52 am Re: Security Issue by Mike Bacher on Jan 12, 2003 at 1:04:49 pm Re: Security Issue by Mike Bacher on Jan 12, 2003 at 1:07:58 pm Re: Security Issue by Mike Bacher on Jan 12, 2003 at 1:10:49 pm Re: Security Issue by Mike Bacher on Jan 12, 2003 at 1:16:48 pm Re: Security Issue by Mike Bacher on Jan 12, 2003 at 1:21:23 pm Re: Security Issue by Matthew Bailey on Jan 12, 2003 at 4:07:28 pm Re: Security Issue by Bryan Kroger on Jan 13, 2003 at 9:23:23 am Re: Security Issue by Mike Bacher on Jan 13, 2003 at 11:39:54 am Re: Security Issue by customers1st@yeipost-netsolution.net on Jan 13, 2003 at 11:52:15 am Re: Security Issue by Bryan Kroger on Jan 13, 2003 at 12:00:47 pm Re: Security Issue by Shawn Hogan on Jan 13, 2003 at 12:02:19 pm Re: Security Issue by Shawn Hogan on Jan 13, 2003 at 12:07:51 pm Re: Security Issue by Shawn Hogan on Jan 13, 2003 at 12:11:54 pm Re: Security Issue by Matthew Bailey on Jan 13, 2003 at 12:27:50 pm Re: Security Issue by Mike Bacher on Jan 13, 2003 at 12:46:53 pm Re: Security Issue by Mike Bacher on Jan 13, 2003 at 12:47:26 pm Re: Security Issue by Fernando Huerta =?iso-8859-1?Q?Zu=F1iga?= on Jan 13, 2003 at 1:52:09 pm