MSN Plus! fails to properly verify an old password prior to allowing the changing of the current password.
65f2ab68cbb5711864256a41d930f802e5d9045b194bc169d3c892725ade783c
This is a multi-part message in MIME format.
------=_NextPart_000_0016_01C5E23F.E7C54790
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: 7bit
MSN Plus Password Change Security Bypass Vulnerability
date: 05.11.2005
publisher: m0fo (editor at sec.org.il)
vendor: www.msgplus.net <http://www.msgplus.net/>
Msn Plus! is additional aplication for MSN Messenger. This application
adding a lot of new options into the MSN Messenger so it will be easier to
use it. One of the application's option is to set a password witch lock the
application, lock the logs, etc. its easy to set password for this, but its
much easier to change it, while someone trying to change password that
already set, he doesnt need to fill in the old password, this may cause a
malicious user to take control over the application, maybe reading your
talks, locking your MSN, etc.
all versions of that MSN Plus! are vulnerable to this flow, my advice is not
to use it.
<http://www.msgplus.net>
------=_NextPart_000_0016_01C5E23F.E7C54790
Content-Type: text/html;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2900.2769" name=3DGENERATOR></HEAD>
<BODY>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D687442217-05112005>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D687442217-05112005>MSN =
Plus Password=20
Change Security Bypass Vulnerability</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D687442217-05112005></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D687442217-05112005>date:=20
05.11.2005</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN =
class=3D687442217-05112005>publisher: m0fo=20
(editor at sec.org.il)</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN =
class=3D687442217-05112005>vendor: <A=20
href=3D"http://www.msgplus.net/">www.msgplus.net</A></SPAN></FONT></DIV><=
/SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D687442217-05112005></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D687442217-05112005>Msn =
Plus! is=20
additional aplication for MSN Messenger. This application adding a lot =
of new=20
options into the MSN Messenger so it will be easier to use it. One of =
the=20
application's option is to set a password witch lock the application, =
lock the=20
logs, etc. its easy to set password for this, but its much easier to =
change it,=20
while someone trying to change password that already set, he doesnt =
need to=20
fill in the old password, this may cause a malicious user to take =
control over=20
the application, maybe reading your talks, locking your MSN,=20
etc.</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D687442217-05112005></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D687442217-05112005>all =
versions of that=20
MSN Plus! are vulnerable to this flow, my advice is not to use=20
it.</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D687442217-05112005></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D687442217-05112005><A=20
href=3D"http://www.msgplus.net"></A></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D687442217-05112005></SPAN></FONT> </DIV></BODY></HTML>
------=_NextPart_000_0016_01C5E23F.E7C54790--