Microsoft has issued a fix for a “high severity” password reset vulnerability that was found in its Hotmail service.
The exploit allowed an attacker to hijack email accounts by using a Firefox add-on called Tamper Data, which intercepts outgoing HTTP requests and allows them to modify the data, thereby enabling them to reset the password.
It is thought that an as-yet unspecified number of accounts had been compromised, possibly by hackers based in Morocco.
Microsoft’s Hotmail team first picked up on the issue after it was referred to them by Benjamin Kunz Mejri, CEO and founder of Vulnerability Lab. A temporary fix was issued on 20 April before a patch resolved the problem.
“Remote attackers now get redirected to an exception page when they try to manipulate the session to reset passwords,” Mejri told Softpedia. “The vulnerability has been located, we notified them and the public attacks have been prevented by MSRC. We informed Microsoft regarding the vulnerability with detailed information.”
How well do you know Internet security? Try our quiz and find out!
Tesla lays off software, service, engineering staff after disbanding Supercharger team, as major cull continues
Dominant Bitcoin ETF Grayscale Bitcoin Trust shows first net inflow since January as investors flock…
US campaign funding groups backed by cryptocurrency sector raise more than $102m as firms seek…
Explore the cutting-edge realm of cybersecurity with 'A New Age of Cybersecurity' podcast. Learn how…
Robinhood Markets says it received SEC enforcement notice over cryptocurrency trading platform amidst ongoing crackdown
Chip designer Synopsys to sell software integrity unit to private investors to create new independent…