Spectacular Microsoft Passport vulnerability

Spectacular Microsoft Passport vulnerability. It was apparently trivial to hack Passport accounts: The flaw allowed a single Web address – or URL – to be used to request a password reset from the Passport servers. The URL contains the e-mail address of the account to be changed and the address where the attacker would like to have the reset message sent. By entering the single line into a Web browser an attacker can cause the Passport servers to return a link that allows an account's password to be reset. By following the link returned in the message, the attacker can change the password for the victim's account. [Ceejbot]

Leave a comment