Type packetstorm
Reporter Packet Storm
Modified 1999-08-17T00:00:00


New Webmail Security Hole Found - 10 April 1999  
MAO Enterprises announced today that a security flaw in Rocketmail's free web  
email services at If you should happen to know the login  
name of an account at Rocketmail which has been inactive for a while, it is  
possible to reactivate the account with no proof that you were the original  
account holder. Simply supply a new password and you now have the address of  
someone else's inactive account. Why is this dangerous? It is possible to pass  
yourself off as the original accountholder, unbeknownst to family and friends  
of the original accountholder. In addition, the ORIGINAL PREFERENCES of the  
original account are preserved! This makes it extremely easy to retrieve  
personal data, address books, and other info which were stored by the last  
We hope that Rocketmail will strive to fix this problem.  
M.A.O Enterprises ERT
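
The reactivation behaviour described above next to a hardened flow, as an added example that is not Rocketmail's code and not part of the original advisory. The `Account` model and all function names are hypothetical, and the sample data is constructed.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

@dataclass
class Account:                      # hypothetical model of a webmail account
    login: str
    salt: bytes
    pw_hash: bytes
    active: bool = True
    address_book: list = field(default_factory=list)
    preferences: dict = field(default_factory=dict)

def hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def create(login: str, password: str) -> Account:
    salt = os.urandom(16)
    return Account(login, salt, hash_pw(password, salt))

def set_password(acct: Account, password: str) -> None:
    acct.salt = os.urandom(16)
    acct.pw_hash = hash_pw(password, acct.salt)

def reactivate_flawed(acct: Account, new_password: str) -> Account:
    # Behaviour the advisory describes: knowing the login is enough, and the
    # previous holder's stored data comes back with the account.
    set_password(acct, new_password)
    acct.active = True
    return acct

def reactivate_hardened(acct: Account, old_password: str, new_password: str):
    # Reactivation requires proof of being the original holder (here: the old password).
    if not hmac.compare_digest(hash_pw(old_password, acct.salt), acct.pw_hash):
        return None
    set_password(acct, new_password)
    acct.active = True
    return acct

def recycle_login(acct: Account, new_password: str) -> Account:
    # If dormant login names are handed to new users, issue a fresh account:
    # no address book or preferences carry over from the previous holder.
    return create(acct.login, new_password)

if __name__ == "__main__":
    victim = create("alice", "original-secret")      # constructed sample data
    victim.address_book.append("mum@example.org")
    victim.active = False                            # account goes dormant
    print(reactivate_hardened(victim, "guess", "new-pw"))   # None
    print(recycle_login(victim, "new-pw").address_book)     # []
```

Either control closes the hole on its own: the first keeps the stored data but ties reactivation to the original holder, the second lets the login name be reused but discards everything stored under it.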