Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Vulnerability in Microsoft .NET Passport

Posted by michael on from the doh dept.

Stuart Moore writes "A vulnerability was reported in Microsoft .NET Passport, also affecting Hotmail user accounts. The simple flaw allows an attacker to change any person's password to an arbitrary value. The attacker can then gain access to the victim's accounts, as well as to the victim's personal information (if any is stored w/ Passport). Muhammad Faisal Rauf Danka posted a note to the Full-Disclosure security e-mail list after multiple unsuccessful attempts to contact Microsoft." There's a news report as well.

1 of 433 comments (clear)

  1. Re:thoughts by binarytoaster · · Score: 0, Troll

    Wala, you now have rights to that hotmail account
    w00p! w00p! Stupid person alert!

    I feel the need to inform you that the correct spelling of that word is voila. Look it up sometime. Bleh.