This isn't merely an authentication bypass IMO, it's a total disregard for effective authentication... http://www.cio.com/article/716547/Phone_Numbers_Are_Enough_to_Access_User_Accounts_on_Some_Mobile_Operator_Portals
I don't know whether I should be outraged or rolling on the floor laughing about this one... -Steph
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.