Online CRIS Available to All
Discovered By:
Various Mac Hax0rs
Date:
September 1995
Patched:
Early 1996
When the morphing exploit was found several Hax0rs including Red Ryder
discovered CRIS. At the time CRIS was not protected behind the internal
firewall. Anyone with an OH/Internal account with CRIS rights could
access CRIS from anywhere. Another feature of CRIS at the time was the
ability to view the passwords to any screen name on an account in plain
text. This feature was used numerous times by mac hax0rs to sign onto AOL
accounts even after the Morphing exploit was patched. It was also how
TOSAdvisor and SteveCase were hacked.
Contributed By:
O0O
|
