Skype Disables Password Resets After Huge Security Hole Discovered

another random user writes with news of a vulnerability in the Skype password reset tool "All you need to do is register a new account using that email address, and even though that address is already used (and the registration process does tell you this) you can still complete the new account process and then sign in using that account Info (original post in Russian)" concealment adds a link to another article with an update that Skype disabled the password reset page as a temporary fix.

Re:Oh, no!

It already has been. Anonymous Cowards are everywhere! We are Legion!

Re:Defective Microsoft

I'd ask for a refund!

Re:Defective Microsoft

Your to fussy. I could care less.

Re:Defective Microsoft

[yahwotqa]

Guys, loose this off-topic subthread already.

HurrDurr 101?

[SuperCharlie]

If I understand this "security hole" correctly.. and they have already popped the data to let you know the email is taken.. isn't it pretty much close to nobrainer not to go ahead with that insert query? I may be a simple caveman.. but cmon.. even in my worst spaghetti code this is solidly on the durr side of Hurr-Durrrr

Re:Don't they test anything?

[pixelpusher220]

Well they have a QA system, but they forgot the password, and right now the password reset functionality is disabled.

I'm sure they'll get back to it soon though!

Re:Phew

[mr1911]

I could have been easily hit by that one...

Think you weren't? I've been dialing your contacts all morning while dressed appropriately for chatroulette. Your grandma did not look happy, but your wife stayed connected for 45 minutes...