Slashdot Mirror


Security Vulnerability in Microsoft .NET Passport

Stuart Moore writes "A vulnerability was reported in Microsoft .NET Passport, also affecting Hotmail user accounts. The simple flaw allows an attacker to change any person's password to an arbitrary value. The attacker can then gain access to the victim's accounts, as well as to the victim's personal information (if any is stored w/ Passport). Muhammad Faisal Rauf Danka posted a note to the Full-Disclosure security e-mail list after multiple unsuccessful attempts to contact Microsoft." There's a news report as well.

4 of 433 comments (clear)

  1. Re:Security flaw in Passport!!!! by Anonymous Coward · · Score: -1, Redundant

    The world is round? Wha?

  2. Choice of words by truthsearch · · Score: -1, Redundant

    Microsoft user = victim

  3. Re:What do people expect? by rf0 · · Score: -1, Redundant

    Microsoft go for the release fast and patch after option. Get something out the door and go "Look, WOW new bit of software come and use it". Then patch it afterwards. Now you can't expect any software to be bugfree but you can't help but think they could try harder

    Rus

  4. Re:FUD by aug24 · · Score: 2, Redundant
    Let's start with the observation that it isn't fixed. All they've done is turn off the password change routines at the back end...!

    Personally I suggest everyone reading this makes sure to tell everyone they know, in order to stop people blindly trusting any incompetents. The fact that it's MS just makes the schadenfreude better.

    Justin.

    --
    You're only jealous cos the little penguins are talking to me.