Microsoft plugs another passport vulnerability

SpinnerSpinner Birmingham, UK
edited July 2003 in Science & Tech
Microsoft has disclosed that the latest vulnerability in its .NET passport system only actually affected a small number of accounts, all of which that were created before August 1999. They also stated that no actual data was compromised, however the fact that they only became aware of the glitch after a hacker informed them about it, doesn't inspire confidence.

Hotmail accounts that don't have a secret question set for password recovery were vulnerable to being taken over by an attacker. It's the second time in two months that a security issue has been found in Passport's password recover mechanism.

The full report:
Sign In or Register to comment.