Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




35 posts

Geek
+1 received by user: 3


Topic # 223302 22-Sep-2017 22:17
Send private message quote this post

Hello peeps

Anyone here have 2degrees webmail? preferably using a snap domain.

 

Need to confirm if there is a security hole.

1) Change the password to your email address to more than 8 characters long, password can be anything e.g. qwerty12345
2) Attempt to login to your email with only the first 8 characters e.g. qwerty12
3) Report results on this thread.

My email was hacked and was being used to send out spam, then figured out that only the first 8 characters were being used which would of made it much easier for someone to hack.

Issue was logged with 2degrees and it's been sitting with them for close to 3 weeks with no updates. Every time I call them they give me the same bs. They also said I'm the only person impacted by this password issue which I find hard to believe. Most likely they messed up >=8 char security rule and have it logged with their development team to fix which is why it's taking so long to get an answer.

If it is widespread 2degrees would need to notify their customers that their webmail service has a security hole.



Create new topic
Baby Get Shaky!
1497 posts

Uber Geek
+1 received by user: 363

Subscriber

  Reply # 1871310 23-Sep-2017 08:19
One person supports this post
Send private message quote this post

Just tried it with a fresh @snap.net.nz address and it did not work. Worked with full password but not first 8 only.


824 posts

Ultimate Geek
+1 received by user: 543

Trusted

  Reply # 1871388 23-Sep-2017 10:57
Send private message quote this post

I haven't reset my password but my password is longer than 8 characters.

 

Can confirm I could logon by just using the first 8 characters.

 

Edit: Just confirmed I can put anything after the 8th character and it accepts it. (ie Passwordxyz works when the password is "Password1")


 
 
 
 


2884 posts

Uber Geek
+1 received by user: 1504

Subscriber

  Reply # 1871427 23-Sep-2017 12:20
Send private message quote this post

PM'd someone I know at 2Degrees and pointed them at this thread. May help speed things up.





Information wants to be free. The Net interprets censorship as damage and routes around it.

 

Thinking about signing up to BigPipe? Get $20 credit with my referral link.


1423 posts

Uber Geek
+1 received by user: 218

Trusted
2degrees

  Reply # 1871430 23-Sep-2017 12:29
One person supports this post
Send private message quote this post

Hey all,

 

We are not aware of any widespread issue with our webmail service at this time.

 

Can those that are affected please message us here privately with the email address in question, along with your broadband customer number and physical address, and we'll be more than happy to look in to this here for you and see what the story is.

 

Thanks,

 

Ralph ^JOB


824 posts

Ultimate Geek
+1 received by user: 543

Trusted

  Reply # 1871462 23-Sep-2017 13:35
One person supports this post
Send private message quote this post

Note a 2D customer anymore but still have my Snap email. Have PM'd you


'That VDSL Cat'
6961 posts

Uber Geek
+1 received by user: 1355

Trusted
Spark
Subscriber

  Reply # 1871662 23-Sep-2017 19:54
3 people support this post
Send private message quote this post

This reminds me of bank logins.

 

 





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.




35 posts

Geek
+1 received by user: 3


  Reply # 1895342 4-Nov-2017 21:15
Send private message quote this post

 Still haven't heard anything.


612 posts

Ultimate Geek
+1 received by user: 166


  Reply # 1895343 4-Nov-2017 21:35
Send private message quote this post

Just seen the thread and confirm that this is an issue for me.

 

My password was over 8 characters to start with.

 

John





I know enough to be dangerous


xpd

The Overrated Raccoons
8445 posts

Uber Geek
+1 received by user: 1145

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 1895469 5-Nov-2017 13:17
One person supports this post
Send private message quote this post

Heh... reminds me back in the IHUG days where I found long as you knew someones IHUG username, you could log into their homepage space usage checker with any password - so you could see any "hidden" dirs/files the user had on their site. Told webmaster, they fixed it, then following week restored from an old backup and put the problem straight back. 





XPD / Gavin / DemiseNZ

 

For Free Games, Geekiness and Reviews, visit :

 

Home Of The Overrated Raccoons

 

 


Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

New Zealand hits peak broadband data
Posted 18-Jan-2018 12:21


Amazon Echo devices coming to New Zealand early February 2018
Posted 18-Jan-2018 10:53


$3.74 million for new electric vehicles in New Zealand
Posted 17-Jan-2018 11:27


Nova 2i: Value, not excitement from Huawei
Posted 17-Jan-2018 09:02


Less news in Facebook News Feed revamp
Posted 15-Jan-2018 13:15


Australian Government contract awarded to Datacom Connect
Posted 11-Jan-2018 08:37


Why New Zealand needs a chief technology officer
Posted 6-Jan-2018 13:59


Amazon release Silk Browser and Firefox for Fire TV
Posted 21-Dec-2017 13:42


New Chief Technology Officer role created
Posted 19-Dec-2017 22:18


All I want for Christmas is a new EV
Posted 19-Dec-2017 19:54


How clever is this: AI will create 2.3 million jobs by 2020
Posted 19-Dec-2017 19:52


NOW to deploy SD-WAN to regional councils
Posted 19-Dec-2017 19:46


Mobile market competition issues ComCom should watch
Posted 18-Dec-2017 10:52


New Zealand government to create digital advisory group
Posted 16-Dec-2017 08:47


Australia datum changes means whole country moving 1.8 metres north-east
Posted 16-Dec-2017 08:39



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.