Outlook.com had 'classic' XSS flaw in authentication engine

Redmond pays $25k to hacker who spotted flaw allowing anyone to own your email.

Darren Pauli:

Synack senior security researcher Wesley Wineberg has received US$25,000 from Microsoft for quietly disclosing a bug that allows any Hotmail account to be hijacked.

The cross-site request forgery vulnerability means that any user visiting a malicious page can have their accounts hijacked without further interaction.

The since-patched hole existed in Microsoft Live.com and could have been spun into a dangerous worm, Wineberg says.


Source: http://www.theregister.co.uk/

 
