Microsoft has issued a fix for a “high severity” password reset vulnerability that was found in its Hotmail service.
The exploit allowed an attacker to hijack email accounts using a Firefox add-on called Tamper Data, which intercepts outgoing HTTP requests and lets the user modify the data in them, thereby enabling the attacker to reset the account password.
It is thought that an as-yet unspecified number of accounts had been compromised, possibly by hackers based in Morocco.
Microsoft’s Hotmail team first picked up on the issue after it was referred to them by Benjamin Kunz Mejri, CEO and founder of Vulnerability Lab. A temporary fix was issued on 20 April before a patch resolved the problem.
“Remote attackers now get redirected to an exception page when they try to manipulate the session to reset passwords,” Mejri told Softpedia. “The vulnerability has been located, we notified them and the public attacks have been prevented by MSRC. We informed Microsoft regarding the vulnerability with detailed information.”