Windows 7 Researchers Finds Dangerous Vulnerability in Skype

JMH

Senior Member
Joined
Sep 21, 2010
Messages
361
A security consultant has notified Skype of a cross-site scripting flaw that could be used to change the password on someone's account, according to details posted online.

The consultant, Levent Kayan, based in Berlin, Link Removed - Invalid URL on Wednesday and notified Skype a day later. He said on Friday he hasn't heard a response yet.
The problem lies in a field where a person can input their mobile phone number. Kayan wrote that a malicious user can insert JavaScript into the mobile phone field of their profile.
When one of their contacts comes online, the malicious user's profile will be updated, and the JavaScript will be executed when the other contact logs in. Kayan wrote that the other person's session could be hijacked, and it may be possible to gain control of that person's computer. An attacker could also change the password on someone's account.
Link Removed
 


Good thing for a mobile skype user to know.
 


Back
Top