Search Again: Re: Security Issue From: Shawn Hogan Date: Sunday, January 12, 2003 Time: 10:40:21 am ISP List wrote: > Nope. I actually noticed it when I was testing the password retrieval > feature and decided to see what would happen if the customer that was > requesting the password retrieval had no E-mail addresses/Override E-mail > on file. Try it, you'll see what I'm talking about. It would go to the same email that *all* their email goes to (invoices, statements, letters, etc.) > See above. It can be exploited, I've tested it several times > now. Granted, it is highly unlikely someone will do so, but my point is > that OG should not be making the assumption it is making when the customer > has no E-mail addresses on file. What assumption is that? I'm still not sure where you expected the email to be sent to... - Shawn ---------------------------------- Shawn D. Hogan President, Digital Point Solutions http://www.digitalpoint.com (858) 452-3696 --------------------------------------------------- To subscribe, unsubscribe or to search list archive please visit http://www.optigold.com/lists/isp.html ---------------------------------------------------

Messages In This Thread: Security issue by Eivind Ravndal on Apr 29, 2002 at 8:19:48 am Re: Security issue by Shawn Hogan on Apr 30, 2002 at 10:26:09 pm Security Issue by Mike Bacher on Jan 11, 2003 at 10:24:13 am Re: Security Issue by Shawn Hogan on Jan 11, 2003 at 11:13:42 am Re: Security Issue by Mike Bacher on Jan 11, 2003 at 11:58:41 am Re: Security Issue by Shawn Hogan on Jan 11, 2003 at 12:22:56 pm Re: Security Issue by Mike Bacher on Jan 11, 2003 at 1:21:07 pm Re: Security Issue by Jeff Folk on Jan 11, 2003 at 4:47:30 pm Re: Security Issue by Mike Bacher on Jan 11, 2003 at 5:04:27 pm Re: Security Issue by Jeff Folk on Jan 11, 2003 at 5:06:19 pm Re: Security Issue by Jeff Folk on Jan 11, 2003 at 5:21:09 pm Re: Security Issue by Jeff Folk on Jan 11, 2003 at 5:31:59 pm Re: Security Issue by Mike Bacher on Jan 11, 2003 at 9:27:39 pm Re: Security Issue by Mike Bacher on Jan 11, 2003 at 9:31:18 pm Re: Security Issue by Mike Bacher on Jan 11, 2003 at 9:32:49 pm Re: Security Issue by Jeff Folk on Jan 12, 2003 at 7:19:23 am Re: Security Issue by Mike Bacher on Jan 12, 2003 at 10:07:22 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:37:39 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:38:48 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:40:21 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:43:01 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:45:48 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:47:52 am Re: Security Issue by Mike Bacher on Jan 12, 2003 at 1:04:49 pm Re: Security Issue by Mike Bacher on Jan 12, 2003 at 1:07:58 pm Re: Security Issue by Mike Bacher on Jan 12, 2003 at 1:10:49 pm Re: Security Issue by Mike Bacher on Jan 12, 2003 at 1:16:48 pm Re: Security Issue by Mike Bacher on Jan 12, 2003 at 1:21:23 pm Re: Security Issue by Matthew Bailey on Jan 12, 2003 at 4:07:28 pm Re: Security Issue by Bryan Kroger on Jan 13, 2003 at 9:23:23 am Re: Security Issue by Mike Bacher on Jan 13, 2003 at 11:39:54 am Re: Security Issue by customers1st@yeipost-netsolution.net on Jan 13, 2003 at 11:52:15 am Re: Security Issue by Bryan Kroger on Jan 13, 2003 at 12:00:47 pm Re: Security Issue by Shawn Hogan on Jan 13, 2003 at 12:02:19 pm Re: Security Issue by Shawn Hogan on Jan 13, 2003 at 12:07:51 pm Re: Security Issue by Shawn Hogan on Jan 13, 2003 at 12:11:54 pm Re: Security Issue by Matthew Bailey on Jan 13, 2003 at 12:27:50 pm Re: Security Issue by Mike Bacher on Jan 13, 2003 at 12:46:53 pm Re: Security Issue by Mike Bacher on Jan 13, 2003 at 12:47:26 pm Re: Security Issue by Fernando Huerta =?iso-8859-1?Q?Zu=F1iga?= on Jan 13, 2003 at 1:52:09 pm