Printed from http://www.electronista.com

Microsoft stops Skype password resets over security issue

updated 08:19 am EST, Wed November 14, 2012

Password reset token core to two-month-old flaw

A security hole in Skype's account management has been discovered by Russian hackers. Posted on a forum two months ago, the flaw revolves around the password reset function and requires the user's e-mail address to accomplish, and finishes with the hacker gaining control of the Skype account while locking the legitimate user out.

Tested and verified by The Next Web, the method requires the hacker to create a new account with the target's e-mail address, then after performing some changes, the password can be reset using the password reset token without accessing the user's e-mail account. Since this allows anyone to effectively create a new account for an e-mail and then switch to the target username.

Considering the fact that Microsoft is integrating Skype into the Microsoft Account system, this could be a potentially damaging issue to users of Windows 8, with the system preferring users to sign in with it instead of a local account.

Microsoft has temporarily disabled the password reset function for Skype while it works on a solution.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Razer Kraken Pro headset

Gaming headphones are a challenge to get right, for a long list of reasons that are unique to the consumer buying them. Some shoppers ...

Patriot Aero Wireless Mobile Drive

Regardless of how large a tablet you buy, you always want more space. There's always one more movie or another album you'd cram on, if ...

Patriot Fuel+ 6000 and 9000mAh batteries

Mobile device batteries are better than they used to be, but there's always a scenario where users could use more juice. Upgrade manuf ...

Sponsor

toggle

Most Commented

 
toggle

Popular News