Tuesday, January 17, 2006

Flaw in Yahoo! Password Recovery

Let me walk you through the steps by which you can easily change anyone's password, provided you know the correct personal details and that person actually entered the correct details while signing up for a Yahoo! Mail account.
  1. Yahoo! Mail home.
  2. Click on this link "Forget your ID or password?"
  3. Now if you know the person's details and the Yahoo ID, go ahead and fill up the form.
  4. After that, all you need to do is click the button Get NEW Password.
Once you click that button, the password is changed, and that's enough to do the damage. The end user then has to follow the procedure to retrieve his/her password, as described in my previous post.

I feel that Step 4, i.e. clicking on the button Get NEW Password, should be provided to the end user only after he answers the secret question correctly, so that there is no unnecessary change of password.
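The ordering problem described above, as an added sketch that is not from the original post and not Yahoo!'s code: the first function resets the password as soon as the personal-details form matches, and the second changes nothing until the secret question is answered. The account record, field names and function names are assumptions made for illustration.

```python
import copy
import hmac
import secrets

# Constructed sample account; field names are assumptions, not Yahoo!'s schema.
ACCOUNTS = {
    "alice_example": {
        "details": {"birthday": "1980-01-01", "zip": "00000", "country": "IN"},
        "secret_answer": "constructed-answer",
        "password": "original-password",
    }
}

def fresh_accounts():
    """Return an independent copy of the sample store for each run."""
    return copy.deepcopy(ACCOUNTS)

def _same(a, b):
    # Constant-time comparison of normalized strings.
    return hmac.compare_digest(a.strip().lower().encode(), b.strip().lower().encode())

def _details_ok(acct, details):
    return all(_same(details.get(k, ""), v) for k, v in acct["details"].items())

def recover_flawed(accounts, user_id, details):
    """Flow as described in the post: the reset follows the details form directly."""
    acct = accounts.get(user_id)
    if acct is None or not _details_ok(acct, details):
        return False
    acct["password"] = secrets.token_urlsafe(12)  # the owner's password is gone here
    return True

def recover_gated(accounts, user_id, details, secret_answer):
    """Suggested order: no state changes until the secret question is answered."""
    acct = accounts.get(user_id)
    if acct is None or not _details_ok(acct, details):
        return False
    if secret_answer is None or not _same(secret_answer, acct["secret_answer"]):
        return False  # password left untouched
    acct["password"] = secrets.token_urlsafe(12)
    return True
```
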

5 comments:

Neets said...

hey homie, changed my blog's name:
http://oxymoronpersonified.blogspot.com
:)

Vivek Kondur said...

Homie???:D

Thanks for the link! I will update it on my blog. I happened to hit your old blog last week, but cldn't find. I was wondering whether u had stopped blogging.

I liked your new blog name, OxymoronPersonified:)

Neets said...

y homie? u havin doubts of bein a homie?
Thanks. so did i like it... it takes too long to figure your self out. i thought the name tells quite a bit about my self :))

Pallavi said...

Sheesh !! :(

Vivek Jaiswal said...

hmmm.. kool pointer...
howz life...
-viv