Saturday, April 20, 2024

A serious flaw could have allowed a malicious actor to hijack

An independent security researcher recently discovered a serious flaw that could have allowed malicious threat actors to access any Microsoft account without the user's knowledge. Microsoft awarded Laxman Muthiyah $50,000 through its bug bounty program for reporting the flaw.

The vulnerability lies in brute-forcing the seven-digit security code that is sent to a user's email address or mobile number to confirm their identity before the password is reset to recover access to the account. Microsoft addressed the issue back in November 2020, but the actual flaw was reported by Laxman Muthiyah in March 2021.

Although there are encryption barriers and rate-limiting checks designed to prevent an attacker from repeatedly submitting all 10 million combinations of the code in an automated fashion, Muthiyah said he eventually cracked the encryption function used to cloak the security code and sent multiple concurrent requests. Indeed, Muthiyah's tests showed that out of 1000 codes that were sent, only 122 got through, with the others blocked with the error code 1211.
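The 122-of-1000 result shows a rate limit that still lets some concurrent requests be evaluated. The sketch below is an added example, not Microsoft's fix or code from the researcher: it shows one general mitigation, a per-code attempt budget that is checked and decremented atomically so parallel requests cannot outrun it. The class name, the budget of 5 and the sample account are assumptions.

```python
import hmac
import secrets
import threading
from collections import Counter
from concurrent.futures import ThreadPoolExecutor

MAX_ATTEMPTS = 5  # assumed budget per issued code; not a value from the article


class ResetCodeVerifier:
    def __init__(self, max_attempts=MAX_ATTEMPTS):
        self._lock = threading.Lock()
        self._pending = {}  # account -> [code, attempts_left]
        self._max = max_attempts

    def issue(self, account):
        code = f"{secrets.randbelow(10**7):07d}"  # seven digits, 10 million values
        with self._lock:
            self._pending[account] = [code, self._max]
        return code

    def verify(self, account, guess):
        # Lookup, decrement and compare share one critical section, so parallel
        # requests cannot each pass a stale "attempts left" check.
        with self._lock:
            entry = self._pending.get(account)
            if entry is None:
                return "locked"  # no live code: never issued, used, or voided
            entry[1] -= 1
            if hmac.compare_digest(entry[0], guess):
                del self._pending[account]  # single use
                return "ok"
            if entry[1] == 0:
                del self._pending[account]  # budget spent: void the code
            return "wrong"


def simulate_parallel_guessing(n_requests=1000, workers=50):
    """Send n wrong guesses concurrently, then submit the real code."""
    verifier = ResetCodeVerifier()
    account = "user@example.com"  # constructed sample account
    code = verifier.issue(account)
    wrong = [g for g in (f"{i:07d}" for i in range(n_requests + 1)) if g != code]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        outcomes = pool.map(lambda g: verifier.verify(account, g), wrong[:n_requests])
        tally = Counter(outcomes)
    return tally, verifier.verify(account, code)
```

Because the budget is tied to the issued code rather than to the client or request rate, only five of the 1000 concurrent guesses are ever compared, and even the correct code is refused afterwards until a new one is issued.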


