Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Vulnerability in Microsoft .NET Passport

Posted by michael on from the doh dept.

Stuart Moore writes "A vulnerability was reported in Microsoft .NET Passport, also affecting Hotmail user accounts. The simple flaw allows an attacker to change any person's password to an arbitrary value. The attacker can then gain access to the victim's accounts, as well as to the victim's personal information (if any is stored w/ Passport). Muhammad Faisal Rauf Danka posted a note to the Full-Disclosure security e-mail list after multiple unsuccessful attempts to contact Microsoft." There's a news report as well.

4 of 433 comments (clear)

  1. Microsoft? Insecure? by AltGrendel · · Score: -1, Troll
    Naaaaaaa.

    It'll never happen.

    --
    The simple truth is that interstellar distances will not fit into the human imagination

    - Douglas Adams

  2. mmm by Anonymous Coward · · Score: -1, Troll



    waiting for

  3. Exchelon made easy by Anonymous Coward · · Score: -1, Troll

    This is a perfect way to collect email addresses from script kiddies like you and me.

    Then turn the email list to the appropriate agency and fixed.

  4. Re:thoughts by binarytoaster · · Score: 0, Troll

    Wala, you now have rights to that hotmail account
    w00p! w00p! Stupid person alert!

    I feel the need to inform you that the correct spelling of that word is voila. Look it up sometime. Bleh.