Slashdot Mirror

← Back to Stories (view on slashdot.org)

Skype Disables Password Resets After Huge Security Hole Discovered

Posted by Unknown on from the time-to-get-a-landline dept.

another random user writes with news of a vulnerability in the Skype password reset tool "All you need to do is register a new account using that email address, and even though that address is already used (and the registration process does tell you this) you can still complete the new account process and then sign in using that account Info (original post in Russian)" concealment adds a link to another article with an update that Skype disabled the password reset page as a temporary fix.

2 of 65 comments (clear)

  1. I don't entirely buy this... by dalias · · Score: 4, Interesting

    I have multiple skype accounts created on the same email address (for different people, however) and it does not allow one to login as the other. It's possible to password-reset any of them independently.

  2. Re:Defective Microsoft by Kiuas · · Score: 5, Interesting

    To be fair I expect this hole existed when they brought Skype

    That doesn't seem likely. In fact, I think this is a side effect of Microsoft preparing to integrate the 100 million msn messenger users into Skype. Somebody has been trying to ensure that the accounts will overlap nicely and has obviously made a huge mistake which allows this to happen.

    --
    "It is the business of the future to be dangerous" -Alfred North Whitehead