Windows 7 Microsoft Kills Hotmail Hijack Threat

A

Adamsappleone

U.S.Navy D.A.V.
It took Redmond 1 day to kill a threat that allowed users with a Firefox add-on (Tamper Data) to remotely reset the password of a Hotmail account and allowing them to access the outgoing HTTP request, then modify the data.

Remote attackers can bypass the password recovery service to set up a new password and bypass in place protections (token based). The token protection only checks if a value is empty, then blocks or closes the web session. A remote attacker can, for example, bypass the token protection with values “+++)-“. Successful exploitation results in unauthorized MSN or Hotmail account access.
Click to expand...

Microsoft was notified April 20, 2012, applied the fix April 21, 2012, then publicized it April 27, 2012

Quote from Microsoft squashes Hotmail password hijack bug ? The Register
 
You must log in or register to reply here.

Similar threads

News
Inspired by challenges in your workday: latest innovations and updates from Microsoft Edge
Replies
0
Views
1K
News
News
News
Available today: The Windows 11 2022 Update
Replies
0
Views
1K
News
News
News
Gen-trepreneur Z is making its mark on the future of small business
Replies
0
Views
1K
News
News
News
MWC 2022: The next Microsoft Pluton Device + PAC technology
Replies
0
Views
758
News
News
News
Retrieve source maps securely in production in Microsoft Edge DevTools
Replies
0
Views
1K
News
News
Back
Top