Hacked Hotmail accounts for $20


The Redmond company has indicated that it fixed a security vulnerability in Hotmail that was worrying, to say the least: a 0-day vulnerability that attackers could exploit to reset account passwords and thereby gain access to the entire contents of a mailbox.

Blog reports indicate, in particular, that a member of a hacker forum offered his services for $20, promising to crack any Hotmail account within a minute. The technique was nevertheless quickly posted on the Web.

Benjamin Kunz Mejri, a security researcher at Vulnerability Laboratory, confirmed the existence of a critical flaw in Hotmail. Specifically, it lay in the password reset functionality and in the token-based authentication system that would normally ensure that only the account holder can proceed.

With the help of the Tamper Data extension for Firefox, which can intercept and modify HTTP requests sent from a browser, attackers were able to bypass the protections put in place for Hotmail accounts.

"Remote attackers can bypass the password recovery service to set up a new password by getting around the token-based protections. The token protection only checks whether a value is empty, then blocks or closes the web session. A remote attacker can, for example, bypass the token protection with values +++)-"

Vulnerability Laboratory explains that it discovered the vulnerability on April 6. Microsoft was notified on April 20, and a fix followed a day later. But it is only now that Microsoft has publicly announced that fix.
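
The advisory quoted above describes a token check that only tests whether the submitted value is empty. The following added example (not Microsoft's or Vulnerability Laboratory's code; the function names, in-memory store and 15-minute lifetime are assumptions) puts that pattern beside a check that compares the value against the token the server actually issued.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 15 * 60   # assumed lifetime for a reset token
_issued = {}                  # account -> (sha256 of token, expiry); stands in for a database


def issue_reset_token(account, now=None):
    """Create a single-use random token; only its hash is kept server-side."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).digest()
    _issued[account] = (digest, now + RESET_TTL_SECONDS)
    return token


def weak_check(account, submitted):
    """The flawed pattern from the advisory: any non-empty value passes."""
    return submitted != ""


def strict_check(account, submitted, now=None):
    """Accept only the unexpired token issued for this account, once."""
    now = time.time() if now is None else now
    record = _issued.get(account)
    if record is None or not submitted:
        return False
    digest, expires = record
    candidate = hashlib.sha256(submitted.encode()).digest()
    # Constant-time comparison avoids leaking how much of the value matched.
    if now > expires or not hmac.compare_digest(candidate, digest):
        return False
    del _issued[account]      # single use: a replayed token is rejected
    return True


if __name__ == "__main__":
    issue_reset_token("alice@example.test")            # constructed sample account
    print(weak_check("alice@example.test", "+++)-"))   # value quoted in the advisory
    print(strict_check("alice@example.test", "+++)-"))
```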

Of the 350 million Hotmail users, the number of victims remains unknown.