Printed from http://www.electronista.com

Microsoft stops Skype password resets over security issue

updated 08:19 am EST, Wed November 14, 2012

Password reset token core to two-month-old flaw

A security hole in Skype's account management has been discovered by Russian hackers. Posted on a forum two months ago, the flaw revolves around the password reset function and requires the user's e-mail address to accomplish, and finishes with the hacker gaining control of the Skype account while locking the legitimate user out.

Tested and verified by The Next Web, the method requires the hacker to create a new account with the target's e-mail address, then after performing some changes, the password can be reset using the password reset token without accessing the user's e-mail account. Since this allows anyone to effectively create a new account for an e-mail and then switch to the target username.

Considering the fact that Microsoft is integrating Skype into the Microsoft Account system, this could be a potentially damaging issue to users of Windows 8, with the system preferring users to sign in with it instead of a local account.

Microsoft has temporarily disabled the password reset function for Skype while it works on a solution.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

Prong PWR Case

Ultimately there's one thing we all want from smartphone accessories; we want options. When it comes to keeping our iPhone charged, we ...

iHome iBT74 Color Changing Bluetooth Speaker

There's no reason why your tech can't look good while doing what it was designed to do. That's the reason that sports cars look good a ...

Logitech Gaming Daedalus Prime Mouse

Logitech Gaming continues to expand upon its peripherals line, with each one looking to fit neatly into a breadth of gaming needs. Bui ...

Advertisement

toggle

Most Commented