Discussion in 'Computer Support' started by Dave Croft, Aug 26, 2004.

  1. Dave Croft

    Dave Croft Guest

    I just signed up for a "" This went fine until I tried for a use for it!
    The site says it can be used on any server that accepts it but doesn't tell you of any to try.
    They do have a users list but this has been withdrawn.
    Does anyone use one of these & if so what can it be used for?
    Dave Croft
    Dave Croft, Aug 26, 2004
    1. Advertisements

  2. Dave Croft

    Duane Arnold Guest

    Passport authentication directs new users to a site hosted by MS so they
    can register a single user name and password that will authorize their
    access to multiple Web sites. Existing users are prompted for their MS
    Passport user name and psw, which the application then authenticates from
    the Passport user list.

    What it means are those Web sites that have Web applications using the MS
    Passport authentication to login and access the site will use the PP
    authentication. And during your current browser session you went to
    another Web site that uses MS Passport authentication, you would not have
    to present your login credentials again, because they were authenticated
    when accessing the other site. Currently, MS sties that require the user
    to login such as MS Press sites, MS Developer sites use the PP

    As more Web Sites and Web application developers start using the .Net
    solutions, you may see PP authentication come into play in consumer Web

    Duane :)
    Duane Arnold, Aug 26, 2004
    1. Advertisements

  3. Dave Croft

    Tech.News Guest

    You better unsubscribe:

    *Microsoft .Net Passport Services Multiple Vulnerabilities*
    Posted on 10 May 2003

    As contributed to HNS by From: Qazi Ahmed <>:

    PakCERT Security Advisory PC-080503
    Multiple Vulnerabilities found in Microsoft .Net Passport Services
    May 08, 2003


    "Use one name and password to sign in to all .NET Passport-participating
    sites and services."


    PakCERT has discovered two serious vulnerabilities in Microsoft .Net
    Passport Services, which if exploited, affects over 200 million users
    worldwide. Using these vulnerabilities and the single sign-in feature of
    Microsoft .Net Passport, an attacker can completely take control of a
    user's account including Hotmail email account, personal information,
    credit card numbers, shopping lists etc and use it on any of the .Net
    Passport participating web sites.

    Issue One: Bypass Security Questions

    An attacker can bypass the security questions asked before resetting the
    password. When Microsoft Hotmail/.Net Passport users forget their
    passwords, they have to fill out a web form that requires their email
    address, state, zip code and country. After submitting the correct
    information users are prompted to answer the secret question they entered
    during their signup for the service.

    As a result of this vulnerability, Microsoft Hotmail/.Net Passport users
    who rely on questions like "What's my name?" or "What's my favorite color?"
    could find themselves loosing their accounts.

    Issue Two: Password Reset Vulnerability

    An attacker can reset any Microsoft Hotmail/.Net Passport user account with
    no prior information like state, zip, country, answer to the secret
    question and the old password. Normally, a user has to answer the security
    questions and than answer the secret question if he wants to reset his
    password. By exploiting this vulnerability, an attacker can submit a
    specially crafted URL to get the password reset instructions and reset any
    user's password.


    Due to the nature of this vulnerability and the fact that there is no fix
    available yet, no technical details are being made available with this
    advisory. Full technical details will be made available on our website once
    the vulnerability is fixed by Microsoft. Please note that we were forced to
    release this information public as these vulnerabilities are actively being
    exploited in the wild and are one of the most severe vulnerabilities ever
    found in Microsoft Hotmail/.Net Passport.
    Tech.News, Aug 27, 2004
  4. Dave Croft

    Duane Arnold Guest

    In the meantime, the world is going .NET and life goes on and PassPort will
    be used, like it or not. I don't think PP is an authentication that will be
    used to login to a bank or anything of the nature - so big deal.

    Duane :)

    I am an *unregistered* Linux user. Unreg# 99999999999999999
    Duane Arnold, Aug 27, 2004
  5. Dave Croft

    Tech.News Guest

    <posted & mailed>
    It will be a *Big Deal* for the countless of people whose identities will
    be stolen.
    Tech.News, Aug 27, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.