Microsoft patches major Hotmail 0-day flaw after apparently widespread exploitation
Posted by Philipp Esselbach on: 04/27/2012 07:52 AM
Last Friday, Microsoft quietly fixed a flaw in Hotmail's password reset system that allowed anyone to reset the password of any Hotmail account.
From Ars Technica:
The company was notified of the flaw on April 20th and responded with a fix within hours, but not until after widespread attacks, with the bug apparently spreading "like wild fire" in the hacking community.
Hotmail's password reset system uses a token system to ensure that only the account holder can reset their password: a link with the token is sent to an account linked to the Hotmail account, and clicking the link lets the account owner reset their password. However, the validation of these tokens isn't handled properly by Hotmail, allowing attackers to reset passwords of any account.
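What server-side validation of a reset token has to check, as an added example: this is not Hotmail's code and not from the article, which does not say how the validation failed. The class and function names, the 15-minute lifetime and the example.test accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds; assumed lifetime, not a value from the article


class ResetTokenStore:
    """In-memory stand-in for the server-side table of pending resets."""

    def __init__(self, clock=time.time):
        self._pending = {}  # account -> (sha256(token), expires_at)
        self._clock = clock

    def issue(self, account):
        token = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).digest()
        self._pending[account] = (digest, self._clock() + TOKEN_TTL)
        return token  # placed only in the link mailed to the linked address

    def redeem(self, account, presented):
        """True only for the unexpired, unused token issued to this account."""
        record = self._pending.get(account)
        if record is None or not isinstance(presented, str) or not presented:
            return False  # nothing pending, or empty/malformed token
        digest, expires_at = record
        if self._clock() >= expires_at:
            del self._pending[account]
            return False
        candidate = hashlib.sha256(presented.encode()).digest()
        if not hmac.compare_digest(candidate, digest):  # constant-time compare
            return False
        del self._pending[account]  # single use: a replayed link fails
        return True


def demo():
    now = [1000.0]  # constructed clock so expiry can be shown offline
    store = ResetTokenStore(clock=lambda: now[0])
    alice = store.issue("alice@example.test")
    bob = store.issue("bob@example.test")
    results = {
        "empty": store.redeem("alice@example.test", ""),
        "other_account": store.redeem("alice@example.test", bob),
        "valid": store.redeem("alice@example.test", alice),
        "replay": store.redeem("alice@example.test", alice),
    }
    now[0] += TOKEN_TTL + 1
    results["expired"] = store.redeem("bob@example.test", bob)
    return results
```

Every rejection path returns before any password change would happen, and the token is looked up by the account it was issued for, so a token that is valid for one account is worthless against another.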

