Slashdot Mirror


Five-Year-Old Uncovers Xbox One Login Flaw

New submitter Smiffa2001 writes: "The BBC reports that five-year-old Kristoffer Von Hassel from San Diego has uncovered a (frankly embarrassing) security flaw within the Xbox One login screen. Apparently by entering an incorrect password in the first prompt and then filling the second field with spaces, a user can log in without knowing a password to an account. Young Kristoffer's dad submitted the flaw to Microsoft, who have patched the flaw and have generously provided four free games, $50, a year-long subscription to Xbox Live and an entry on their list of Security Researcher Acknowledgments."

3 of 196 comments

  1. $300? by schneidafunk · Score: 5, Insightful

    What does that come out to, about $300 for a severe bug? I thought Microsoft just paid out $100k for a Windows 8 flaw.

    --
    Some people die at 25 and aren't buried until 75. -Benjamin Franklin
  2. Who? How? by i kan reed · Score: 5, Insightful

    Who takes shortcuts for code when you're developing a damned password entry system? I mean... really? When the sole purpose of the code is security, who goes "oh, whatever, we'll just match against whatever?"

    I mean, it's not like hashing or string comparison are hard problems.

  3. Re:Who? How? by CanHasDIY · Score: 4, Insightful

    You'd be surprised. There's a LOT of bad security out there.

    Understatement of the day.

    Some people would be shocked if they knew how many retailers offering free wifi don't change their router's login from default. I know I always am.

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese