Microsoft Admits Passport Security Flaw
Does anyone here use Microsoft Passport for their web business? If so, are you aware of the flaw that was discovered earlier this month? (I wasn't.)
The vulnerability is in the Passport function that allows users to request their forgotten passwords by email.
One researcher found that by typing a specific Web address containing the phrase, "emailpwdreset", he could seize any person's Passport account and change the password.
More details are on these pages:
http://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=10000198
http://www.wired.com/news/technology/0,1282,48105,00.html
A technical analysis of other possible flaws can be found on this page:
http://alive.znep.com/~marcs/passport/
mairving posted this at 18:11 — 20th May 2003.
They have: 2,256 posts
Joined: Feb 2001
No, I don't use it unless forced to. MS forces you to use Passport if you subscribe to any of their services. It is not suprising although it should be easy to fix.
Mark Irving
I have a mind like a steel trap; it is rusty and illegal in 47 states
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.