Outlook.com had 'classic' XSS flaw in authentication engine

Redmond pays $25k to hacker who spotted flaw allowing anyone to own your email.
Darren Pauli:
Synack senior security researcher Wesley Wineberg has received US$25,000 from Microsoft for quietly disclosing a bug that allows any Hotmail account to be hijacked.
The cross-site request forgery vulnerability means that any user visiting a malicious page can have their accounts hijacked without further interaction.
The since-patched hole existed in Microsoft Live.com and could have been spun into a dangerous worm, Wineberg says.
Source: http://www.theregister.co.uk/

