[Full-Disclosure] Unsecure Password recovery policy [Forgot password...] in hotmail!

bipin gautam visitbipin at yahoo.com
Thu Jan 29 01:25:45 GMT 2004 

Explaination:

A person could gain useful info. about
VICTIM at hotmail.com that could be used in password
recovery... even by a unlegimate user by simply
"getting a LEGIMATE reply"  from VICTIM at hotmail.com 
;o) 
Strange!
Firstly, the simple trick is to make him/her 
[whome_he_wanna_hack at hotmail.com]  just reply you...
WITH ANYTHING! [Maybe... BY ASKING FOR SOMETHING
...Indeed painless!] As soon as the attacker get's a
email  reply from VICTIM at hotmail.com,  the attacker
then simply look's at the email header, & fInd's
VICTIM at hotmail.com country's gmt time: through his
email header [ ... which was used by
"VICTIM at hotmail.com" while regestering HOTMAIL!]  

A TIPICAL HEADER WOULD LOOK LIKE
----------------------------------
X-Originating-IP: [*.*.*.*] 
X-Originating-Email: [VICTIM at hotmail.com] 
Received: from *.*.*.*by lw10fd.law10.hotmail.msn.com
with HTTP;Wed, 13 Aug 2003 13:40:38 +5:45 GMT
----------------------------------
Using his grade 3 maths skills, (o:  the attacker
could then effectively predict the victims's
country/STATE name [ ... which was used by the
"victim" while regestering HOTMAIL!] just by knowing
his +/- **:** GMT through the email header! of
VICTIM at hotmail.com
This info. could be very effectively used in Password
recovery policy of hotmail!
Well, after about 40% of the holygrain OBTAINED! 
........ All the attacker now have to do is guess a
simple/'SENSIBLE' secret answer [most of the time...]
before he get's full control of VICTIM at hotmail.com
INBOX!
________________________________________________________
Microsoft REPLIED me, pointing out ... about a SUPPOSE
TO BE similar issue!

[quote] ->3'rd para. LAST LINE!

http://www.informationweek.com/story/showArticle.jhtml?articleID=10817862
If the attacker knew the victim's E-mail address and
basic geographic location information, accounts would
be at risk, the advisory stated. 
[/quote]

[quote] -> 4'th para.
The vulnerability appears to be minor, says John
Pescatore, research director at Gartner. The fact that
an attacker would have to enter city, state, and ZIP
code information to exploit the security hole would
have prevented widespread automated identity theft, he
says. "It would generally prevent automated attacks
and at least require me to know two pieces of data
about a target E-mail account," he says. 
[/quote]


well i read the issue! but MARK THAT, ....... i
submitted you a  technique to predict the
country/state by which it could pe predicted!!! ... 

Isn't the word... "MAY BE.. if" and "this is how..."
different???
___________________________________________
wHAT DO YOU SAY, guys?

__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree

Full-Disclosure is hosted and sponsored by Secunia.