- Recommend:
- 0 Comments
Passport Flaw Exposes User Info
Microsoft is working to fix hole that could reveal credit card info.
Microsoft has scrambled to shut down a flaw in its Passport service that could potentially reveal users' critical personal information, a company spokesperson confirmed Thursday.
The flaw, which was reported to the company late Wednesday, was located in the service's password recovery system and would allow attackers to change an account password if they knew the user name.
Adam Sohn, a product manager with the Passport team, said Thursday that the flaw has been shut down and that the company is working to quickly fix the matter.
Serious Situation
While Sohn said a preliminary investigation suggested that the vulnerability was not seriously exploited, it could potentially pose a large security threat to Passport users who store critical personal information such as credit card information with the service to access various online sites and services without having to retype information.
The vulnerability was in the function that allowed users to request a forgotten Passport password via e-mail. By tricking the system into initiating an e-mail password reset process, a malicious attacker could then request that the password be sent to a different e-mail address, Sohn said.
Microsoft has turned off this feature while it fixes the problem, and users requesting a forgotten password were instructed to use other means, such as going through the customer service support page.
Sohn said that the problem should be fixed "within hours" and that the company is actively investigating the matter.
Would you recommend this story? YES NO
- Recommend:
- 0 Comments
-
ThinkPad Edge E420 Lenovo Style in an Affordable Package
Buy now direct from Lenovo -
ThinkPad X220 Fast and light, with great input ergonomics and battery life, this powerhouse ultraportable is best-of-breed.
Buy now direct from Lenovo -
ThinkPad X120e One of the best netbooks ever, X120e has the best netbook keyboard ever--nothing else comes close
Buy now direct from Lenovo
- Porn Site Users Beware: LulzSec Posts Your E-mail Address
- Password Manager
- Google Wallet Suspends Prepaid Credit Card Functions
- Google's 'Me on the Web' Tool Alerts You to Personal Data Leaks
- Microsoft Modifies Passport Policy Amid Complaints
- How to Use Strong Passwords
- LastPass CEO Explains Possible Hack
- 12 Criteria for Selecting the Best ERP System Replacement An ERP system is your information backbone and reaches into all areas of your business and value chain. Replacing it can open unlimited business opportunities. This white paper explains the 12 criteria that allow you to identify and select the solution that will meet these expectations.
- Leveraging Social Computing Technologies for ERP Applications This white paper details how Web 2.0 technologies support business strategies by improving efficiency, productivity, and collaboration.



















