Printed from http://www.electronista.com

Microsoft stops Skype password resets over security issue

updated 08:19 am EST, Wed November 14, 2012

Password reset token core to two-month-old flaw

A security hole in Skype's account management has been discovered by Russian hackers. Posted on a forum two months ago, the flaw revolves around the password reset function and requires the user's e-mail address to accomplish, and finishes with the hacker gaining control of the Skype account while locking the legitimate user out.

Tested and verified by The Next Web, the method requires the hacker to create a new account with the target's e-mail address, then after performing some changes, the password can be reset using the password reset token without accessing the user's e-mail account. Since this allows anyone to effectively create a new account for an e-mail and then switch to the target username.

Considering the fact that Microsoft is integrating Skype into the Microsoft Account system, this could be a potentially damaging issue to users of Windows 8, with the system preferring users to sign in with it instead of a local account.

Microsoft has temporarily disabled the password reset function for Skype while it works on a solution.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Tablo DVR

With over-the-top content options growing past Hulu and Netflix, consumers may be finding it harder to justify paying a monthly fee fo ...

Sound Blaster Roar Bluetooth speaker

There could very well be a new king of the hill for Bluetooth speakers, with Sound Blaster's recent entry into the marketplace. Bringi ...

Kenu Airframe Plus

Simple, stylish and effective, the Kenu Airframe + portable car mount is the latest addition to Kenu's lineup. Released earlier this y ...

Sponsor

toggle

Most Commented

 
toggle

Popular News