
Re: Security Issue

From: Shawn Hogan
Date: Sunday, January 12, 2003
Time: 10:45:48 am

ISP List wrote:

> Can you do this:
>
> 1. Add a new customer named "tcis123"
> 2. Do not add any E-mail addresses to the account nor an Override E-mail
> address
> 3. Go to your own account in OG (or someone else's) and add the E-mail
> address "tcis123@yourdomain.com"
> 4. Request a password retrieval as "tcis123" from the Customer Web Interface.
> 5. Check your mail at tcis123@yourdomain.com and collect the password for
> the "tcis123" customer.
>
> I can do this without OG ever complaining of duplicates, since in reality
> there are none. I am never duplicating a login nor an E-mail address,
> which are always treated as separate entities in OG (as it should be).

I *really* don't think that's the case for a couple reasons... the *only*
field searched on when doing the password retrieval is the login field
(emails under services and override email addresses are *not* searched). If
a match is found, then it's only going to send to that customer's email. So
even if you *knew* someone's login and zip code, if it finds a match, it's
only going to send it to the owner anyway (they would probably wonder *why*
they got it, but still...)

- Shawn

----------------------------------
Shawn D. Hogan
President, Digital Point Solutions
http://www.digitalpoint.com
(858) 452-3696


---------------------------------------------------
To subscribe, unsubscribe or to search list archive
please visit http://www.optigold.com/lists/isp.html
---------------------------------------------------
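
The disagreement in this thread comes down to how the recipient of a password-retrieval mail is chosen once the login matches. The sketch below is an added example, not OptiGold's code and not part of either message: it compares a resolver that mails only addresses stored on the matched customer's own record with a hypothetical one that falls back to login@domain, and checks whether the chosen mailbox belongs to a different customer. All names, the override precedence and the fallback behaviour are assumptions.

```python
from dataclasses import dataclass, field

DOMAIN = "yourdomain.com"  # placeholder domain, as written in the thread

@dataclass
class Customer:
    login: str
    service_emails: list = field(default_factory=list)
    override_email: str = ""

def find_by_login(customers, login):
    """The login is the only field searched, as the reply describes."""
    return next((c for c in customers if c.login == login), None)

def recipients_strict(customers, login):
    """Mail only addresses stored on the matched customer's own record."""
    c = find_by_login(customers, login)
    if c is None:
        return []
    if c.override_email:            # assumed precedence: override wins
        return [c.override_email]
    return list(c.service_emails)   # empty list means nothing is sent

def recipients_with_fallback(customers, login):
    """Hypothetical variant: derive login@domain when no address is on file."""
    if find_by_login(customers, login) is None:
        return []
    return recipients_strict(customers, login) or [f"{login}@{DOMAIN}"]

def mailbox_owner(customers, address):
    """Login of the customer whose record holds this mailbox, if any."""
    return next((c.login for c in customers if address in c.service_emails), None)

def misdelivered(customers, login, resolver):
    """Addresses the resolver picks that belong to a different customer."""
    return [a for a in resolver(customers, login)
            if mailbox_owner(customers, a) not in (login, None)]

# Constructed sample data following the five steps quoted in the message.
CUSTOMERS = [
    Customer("tcis123"),                            # no e-mail on file
    Customer("other", ["tcis123@yourdomain.com"]),  # holds the mailbox
]

if __name__ == "__main__":
    for resolver in (recipients_strict, recipients_with_fallback):
        print(resolver.__name__, misdelivered(CUSTOMERS, "tcis123", resolver))
```

Running `misdelivered` over real account data with the resolver a system actually uses is a quick way to settle which of the two descriptions in the thread applies.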


