Printed from http://www.electronista.com

Microsoft stops Skype password resets over security issue

updated 08:19 am EST, Wed November 14, 2012

Password reset token core to two-month-old flaw

A security hole in Skype's account management has been discovered by Russian hackers. Posted on a forum two months ago, the flaw revolves around the password reset function and requires the user's e-mail address to accomplish, and finishes with the hacker gaining control of the Skype account while locking the legitimate user out.

Tested and verified by The Next Web, the method requires the hacker to create a new account with the target's e-mail address, then after performing some changes, the password can be reset using the password reset token without accessing the user's e-mail account. Since this allows anyone to effectively create a new account for an e-mail and then switch to the target username.

Considering the fact that Microsoft is integrating Skype into the Microsoft Account system, this could be a potentially damaging issue to users of Windows 8, with the system preferring users to sign in with it instead of a local account.

Microsoft has temporarily disabled the password reset function for Skype while it works on a solution.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

Samsung Galaxy S6 Edge

The Samsung Galaxy S6 range is a critical component in Samsung's flagging smartphone strategy. With sales of its high-end smartphones ...

Notti smart lamp from Witti

Perhaps you've already seen our review of the Dotti LED display from Witti Design. Meet Notti, Dotti's "sibling". Notti is a softball ...

Seagate Personal Cloud (2-Bay)

When it comes to backing up files, many users are now looking to myriad cloud storage solutions available. There is no doubt that over ...

Advertisement

toggle

Most Commented

 
toggle

Popular News