Wednesday, February 1, 2023

A serious flaw could have allowed malicious actor to hijack

Recently, an independent security researcher discovered a serious flaw that could have allowed malicious threat actors to access any Microsoft account without the user's knowledge. Microsoft has awarded Laxman Muthiyah $50,000 under its bug bounty program for reporting the flaw.

The vulnerability made it possible to brute-force the seven-digit security code that is sent to a user's email address or mobile number to confirm their identity before the password is reset to recover access to the account. Microsoft addressed the issue back in November 2020, but the flaw itself was reported by Laxman Muthiyah in March 2021.

Although there are encryption barriers and rate-limiting checks designed to prevent an attacker from submitting all 10 million possible codes in an automated fashion, Muthiyah said he eventually cracked the encryption function used to cloak the security code and was able to send multiple concurrent requests. Indeed, his tests showed that of 1000 codes sent, only 122 got through, with the rest blocked with error code 1211.
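The failure described above is a rate limiter that counts attempts only after it has already let a request through, so requests arriving at the same moment all see a counter below the limit. The following is an added illustration, not code from Microsoft or from the researcher's report: a naive check-then-increment verifier beside a version that reserves the attempt under a lock before doing any work. The attempt limit of 5, the sample code `4815162`, the constructed guess list and the `threading.Event` used to hold every request inside the race window (standing in for backend latency) are all assumptions made for the demonstration.

```python
import hmac
import threading
import time

MAX_ATTEMPTS = 5  # assumed policy: refuse further guesses once 5 have been evaluated


class NaiveCodeVerifier:
    """Check-then-act with no synchronisation. Every request that arrives while
    others are still between the check and the increment reads a counter below
    the limit, so concurrent submissions are not limited at all."""

    def __init__(self, code: str, race_window=lambda: None):
        self.code = code
        self.evaluated = 0               # guesses that reached the comparison
        self._race_window = race_window  # stands in for backend latency

    def verify(self, guess: str) -> bool:
        if self.evaluated >= MAX_ATTEMPTS:
            return False                 # limiter refuses the request
        self._race_window()              # other requests pass the check here
        self.evaluated += 1
        return hmac.compare_digest(self.code, guess)


class AtomicCodeVerifier:
    """Reserve the attempt slot under a lock before any work is done, so at most
    MAX_ATTEMPTS guesses are ever compared, however many arrive at once."""

    def __init__(self, code: str, race_window=lambda: None):
        self.code = code
        self.evaluated = 0
        self._lock = threading.Lock()
        self._race_window = race_window

    def verify(self, guess: str) -> bool:
        with self._lock:
            if self.evaluated >= MAX_ATTEMPTS:
                return False
            self.evaluated += 1          # slot reserved atomically
        self._race_window()
        return hmac.compare_digest(self.code, guess)


def flood(verifier_cls, code: str, guesses):
    """Submit every guess concurrently against one verifier.

    Returns (evaluated, matched): how many guesses reached the comparison and
    how many of them equalled the code."""
    gate = threading.Event()             # all requests wait here, then proceed together
    verifier = verifier_cls(code, race_window=gate.wait)
    results, results_lock = [], threading.Lock()

    def worker(guess):
        ok = verifier.verify(guess)
        with results_lock:
            results.append(ok)

    threads = [threading.Thread(target=worker, args=(g,)) for g in guesses]
    for t in threads:
        t.start()
    time.sleep(0.2)                      # let every request reach its check first
    gate.set()
    for t in threads:
        t.join()
    return verifier.evaluated, sum(results)


# Constructed sample data: one correct code hidden among wrong guesses.
CODE = "4815162"
GUESSES = [f"{i:07d}" for i in range(30)] + [CODE]

if __name__ == "__main__":
    print("naive  (evaluated, matched):", flood(NaiveCodeVerifier, CODE, GUESSES))
    print("atomic (evaluated, matched):", flood(AtomicCodeVerifier, CODE, GUESSES))
```

With the naive verifier all 31 concurrent guesses are compared, including the correct one; with the locked verifier exactly five are compared and the rest are refused, which is the property a reset-code endpoint has to hold regardless of how many requests land in the same instant. A server-side counter that is incremented atomically (a database `UPDATE ... WHERE attempts < limit`, or a single-threaded store such as Redis `INCR`) gives the same guarantee across several backend instances, where a process-local lock does not.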
