Microsoft Fixed The Password Reset Vulnerability in Hotmail

The recent 0-day vulnerability in Hotmail, which allowed passwords to be reset remotely, has been fixed. The vulnerability existed in Hotmail's password reset feature. Hackers were able to use a Firefox add-on called Tamper Data to intercept the outgoing HTTP request following a password reset request and modify the data, locking out the account holder and gaining access to their inbox.

Microsoft's security team said in a tweet on Friday that it had "addressed a reset function incident to help protect Hotmail customers", and that no further action was needed on the customer's part.

"The vulnerability allows an attacker to reset the Hotmail/MSN password with attacker chosen values. Remote attackers can bypass the password recovery service to setup a new password and bypass in place protections (token based) … Successful exploitation results in unauthorised MSN or Hotmail account access," the researchers wrote on Thursday.

Although public disclosure only came on Thursday, reports of the flaw's exploitation had already been circulating. The WhiteC0de blog noted a week ago that the exploit had "spread like wildfire across the hacking community", with victims losing money and, in some cases, valuable usernames. The WhiteC0de report also noted rumours of a separate "critical vulnerability" in Hotmail that is also being exploited by hackers, but stressed that there was no evidence yet of these rumours' veracity.

-Source (ZDnet)  

