|
|||||||
| Other Tech News The latest community based technology news from across the globe. (If you aren't a community newsposter then use the "Submit News" section.) |
 |
|
|
Thread Tools |
Jul 1, 2003, 12:44 PM
|
#1 |
|
DriverHeaven Extreme Member
Join Date: Jun 2002
Posts: 12,940
Rep Power: 0  |
Another Passport Flaw Reported
A newly disclosed vulnerability could let attackers reset passwords and hijack older Microsoft .Net Passport accounts, according to a message on an online mailing list discussing software vulnerabilities.
.Net Passport is Microsoft's online identity management service. It enables customers to use a single e-mail address and account password to sign on to a variety of affiliated services and Web sites. Microsoft's free Hotmail e-mail service and a number of partner sites support .Net Passport. New Vulnerability The vulnerability is in code used to help users who have forgotten their account password. Microsoft has implemented a Secret Question feature to validate the identity of a user who needs to reset an account password. But according to the security list discussion, attackers can manipulate this feature on .Net Passport accounts that were set up before Microsoft implemented the Secret Question function. The flaw was described in a message posted by Victor Manuel Alvarez Castro, who identifies himself as a security consultant. Microsoft did not immediately respond to requests for comment. Read More... |
|
|
|
Jul 1, 2003, 04:51 PM
|
#2 |
|
Banned
Join Date: Nov 2002
Location: In clothing
Posts: 3,510
Rep Power: 0 
|
This is a rather pointless security hole because even back in 1998 they were asking you a security question.
|
|
|
|
|
| Bookmarks |
| Thread Tools | |
|
|
