Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Vulnerability in Microsoft .NET Passport

Posted by michael on from the doh dept.

Stuart Moore writes "A vulnerability was reported in Microsoft .NET Passport, also affecting Hotmail user accounts. The simple flaw allows an attacker to change any person's password to an arbitrary value. The attacker can then gain access to the victim's accounts, as well as to the victim's personal information (if any is stored w/ Passport). Muhammad Faisal Rauf Danka posted a note to the Full-Disclosure security e-mail list after multiple unsuccessful attempts to contact Microsoft." There's a news report as well.

1 of 433 comments (clear)

  1. Re:thoughts by Kredal · · Score: 0, Offtopic

    A "stupid person" alert from someone who spells "woop" with zeros. I'm not sure who's the stupider one here... (:

    Thanks for the spelling fix though, I'll keep that in mind.

    And to the AC above this who posted the same thing, it's "Freedomish", not French. d:

    --
    Whoever stated that signature sizes should be limited to one hundred and twenty characters can just go ahead and kiss my