http://securityhole.8m.com/

New Webmail Security Hole Found - 10 April 1999

MAO Enterprises announced today that a security flaw in Rocketmail's free web
email services at www.rocketmail.com. If you should happen to know the login
name of an account at Rocketmail which has been inactive for a while, it is
possible to reactivate the account with no proof that you were the original
account holder. Simply supply a new password and you now have the address of
someone else's inactive account. Why is this dangerous? It is possible to pass
yourself off as the original accountholder, unbeknownst to family and friends
of the orignal accountholder. In addition, the ORIGINAL PREFERENCES of the
original account are preserved! This makes it extremely easy to retrieve
personal data, addressbooks, and other info which were stored by the last
user.

We hope that Rocketmail will strive to fix this problem.

M.A.O Enterprises ERT