Security risk in Excite/BlueTie

Jeff
Admin / Developer

I came across a potential security hole while working on Excite this weekend. Simply logging out of the account is not enough to log you out. Here's the step-by-step:

1) Sign into Excite at email.excite.com and tick the option to remember
2) Press "Logout" in the upper-right and it takes you back to the sign-in page
3) Go to email.excite.com again and it takes you directly into your account without having to sign in. This will work even if you exit your web browser.

If you need to do a full logout, click on the "I am not [username]" after clicking on the logout link.

If you don't tick the "remember me" option, then it will still log you in automatically after you log out; however, if you exit your web browser you'll get the sign-in page.


This only applies to accounts that use the new BlueTie interface.
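
The behaviours reported above can be reproduced with a small model, added here as an illustration; it is not part of the original post and not Excite/BlueTie code. It assumes a single auth cookie that is persistent when "remember" is ticked, and contrasts a logout that only redirects with one that revokes the session on the server and clears the cookie. All class and function names are hypothetical.

```python
import secrets

class Browser:
    def __init__(self):
        self.cookies = {}                      # name -> (value, persistent)

    def restart(self):
        # Closing the browser drops session cookies, keeps persistent ones.
        self.cookies = {n: c for n, c in self.cookies.items() if c[1]}

class MailSite:
    """Assumed model: one 'auth' cookie mapped to a server-side session."""
    def __init__(self, revoke_on_logout):
        self.revoke_on_logout = revoke_on_logout
        self.sessions = {}                     # token -> username

    def sign_in(self, browser, user, remember):
        token = secrets.token_hex(16)
        self.sessions[token] = user
        browser.cookies["auth"] = (token, remember)

    def logout(self, browser):
        if self.revoke_on_logout:
            # Hardened: end the session server-side and clear the cookie,
            # so a copy of the old token is rejected as well.
            token, _ = browser.cookies.pop("auth", (None, False))
            self.sessions.pop(token, None)
        # Flawed variant: only redirects to the sign-in page; the cookie
        # and the server-side session both stay valid.

    def open_inbox(self, browser):
        token, _ = browser.cookies.get("auth", (None, False))
        return self.sessions.get(token)        # None means "show sign-in page"

def scenario(revoke_on_logout, remember):
    """Return who the inbox opens as after logout, then after a restart."""
    site, browser = MailSite(revoke_on_logout), Browser()
    site.sign_in(browser, "alice", remember)   # constructed sample user
    site.logout(browser)
    after_logout = site.open_inbox(browser)
    browser.restart()
    after_restart = site.open_inbox(browser)
    return after_logout, after_restart

if __name__ == "__main__":
    for revoke in (False, True):
        for remember in (True, False):
            print(revoke, remember, scenario(revoke, remember))
```
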