[plug] M$ does it again

Richard Meyer meyerri at au1.ibm.com
Fri May 9 11:41:37 WST 2003


 A serious security flaw in Microsoft's Passport service put customers' accounts, including     
 their personal information and credit card numbers, at risk of being hijacked.                 
 The flaw, in Passport's password recovery mechanism, allowed an attacker to change the         
 password on any account to which the user name is known. The flaw was disclosed late Wednesday 
 night on the security mailing list Full Disclosure                                             



More information about the plug mailing list