Recap ...
"A critical vulnerability was found in the password reset functionality of Microsoft’s official MSN Hotmail service. The vulnerability allows an attacker to reset the Hotmail/MSN password with attacker-chosen values. Remote attackers can bypass the password recovery service to set up a new password and bypass in-place protections (token based). The token protection only checks if a value is empty, then blocks or closes the web session. A remote attacker can, for example, bypass the token protection with values “+++)-”. Successful exploitation results in unauthorized MSN or Hotmail account access. An attacker can decode CAPTCHA & send automated values over the MSN Hotmail module."
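The token check described in the advisory, as an added example that is not taken from the advisory or from Microsoft's code: a check that only rejects empty values, next to one that compares the submitted value against the token actually issued for the account. The function names, the in-memory store and the 15-minute lifetime are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed token lifetime for this sketch

# account -> (SHA-256 of the issued token, expiry time).
# Stands in for a server-side store; hypothetical, not the real service's design.
_pending = {}


def issue_reset_token(account, now=None):
    """Create a random token for the account and remember only its hash."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    _pending[account] = (hashlib.sha256(token.encode()).digest(),
                         now + TOKEN_TTL_SECONDS)
    return token


def weak_check(submitted):
    """Flawed logic as the advisory describes it: only an empty value is rejected."""
    return submitted != ""


def strict_check(account, submitted, now=None):
    """Accept only the exact token issued for this account, once, before expiry."""
    now = time.time() if now is None else now
    # pop(): every attempt consumes the token, so a failed guess burns it too
    record = _pending.pop(account, None)
    if record is None or not submitted:
        return False
    digest, expires = record
    if now > expires:
        return False
    candidate = hashlib.sha256(submitted.encode()).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


if __name__ == "__main__":
    acct = "user@example.test"  # constructed sample account
    issue_reset_token(acct)
    junk = "+++)-"  # the non-empty placeholder value quoted in the advisory
    print("weak check accepts placeholder:  ", weak_check(junk))
    print("strict check accepts placeholder:", strict_check(acct, junk))
```
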
The find and the cause ...
"The exploit was first discovered by a hacker from Saudi Arabia who is a member of the popular security forum dev-point.com. Apparently the exploit got leaked to the dark-web hacking forums. All hell broke loose when a member of a very popular hacking forum offered his service, saying he could hack “any” email account within a minute.
The exploit eventually spread like wildfire across the hacking community. Many users who linked their email account to financial services like PayPal and Liberty Reserve were targeted and their money looted, while many others lost their Facebook and Twitter accounts.
...
The exploit in itself was a very simple one. It involves using a Firefox add-on called Tamper Data, which allows the user to intercept the outgoing HTTP request from the browser in real time and modify the data. All the attacker had to do was select “I forgot my Password”, select “Email me a reset link”, start Tamper Data in Firefox and modify the outgoing data. Numerous YouTube videos have come up to demonstrate the proof of concept."
The fix ...
"a Microsoft spokesperson confirmed the existence of the security flaw and the fix, but offered no further details: “On Friday, we addressed an incident with password reset functionality; there is no action for customers, as they are protected.”
Via
Until the next exploit
cheers ...