Security hole in T-Online webmail

Since the beginning of May this year, users of T-Online webmail have been at risk of other people changing their passwords and thereby taking control of their accounts.

The reason is that the password-change function recklessly asks only for your email address and not for your old password. With a small piece of JavaScript, the passwords of other webmail accounts could easily be changed. T-Online was previously unaware of this security hole and has now taken the affected pages offline as a provisional measure. T-Online is trying to play down the seriousness of the incident by saying that there are currently no indications that webmail accounts have been affected by an attack. The root cause of the problem, namely that users are asked only for their email address when they change their password, has not yet been fixed.
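The design flaw described above, next to a corrected check, as an added example that is not T-Online's code. The in-memory account store, function names, PBKDF2 parameters and sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(record, password):
    """Constant-time check of a candidate password against a stored record."""
    _, digest = hash_password(password, record["salt"])
    return hmac.compare_digest(digest, record["digest"])


def change_password_flawed(accounts, email, new_password):
    """Behaviour the article describes: the email address alone selects the account."""
    if email not in accounts:
        return False
    salt, digest = hash_password(new_password)
    accounts[email] = {"salt": salt, "digest": digest}
    return True


def change_password_checked(accounts, session_email, email, current_password, new_password):
    """Require a logged-in session for the same account and proof of the old password."""
    record = accounts.get(email)
    if record is None or session_email != email:
        return False  # caller is not authenticated as the account being changed
    if not verify_password(record, current_password):
        return False  # old password missing or wrong
    salt, digest = hash_password(new_password)
    accounts[email] = {"salt": salt, "digest": digest}
    return True


def make_accounts():
    """Constructed sample data: two accounts on a made-up domain."""
    accounts = {}
    for email, pw in (("alice@example.invalid", "alice-old"), ("bob@example.invalid", "bob-old")):
        salt, digest = hash_password(pw)
        accounts[email] = {"salt": salt, "digest": digest}
    return accounts
```

In the checked version, the account to change comes from the authenticated session and the old password is verified server-side, so knowing an email address is no longer enough.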
