Security Flaw Threatened Microsoft Passport Personal Information
The company says the flaw, which let hackers change a customer's password, has been fixed.
A flaw in Microsoft's password recovery let hackers change a customer's password for Microsoft's Passport online-identity service, but it has been fixed, the company confirmed Thursday.
The flaw was posted late Wednesday to Full Disclosure, a security mailing list. It let attackers change the password of any account for which they knew the user name the customer was using to access Passport. Analysts say the attack appeared simple to perform and jeopardized customers' personal information, including credit-card information.
Passport accounts can be used by Web surfers to log on to multiple Web sites, with the Passport service acting as the single authentication for sites that choose to accept Passport logins as authentic. Microsoft also has touted Passport as an important part of its Web services future.
Adam Sohn, product manager for Microsoft Passport, says the company shut down user access to its Passport password-reset service shortly after it learned of the flaw. Microsoft fixed the problem within eight hours of its disclosure, he says.
That may be so, but Avivah Litan, VP for financial services at Gartner, says the incident doesn't bode well for Microsoft. Litan says while Microsoft's problems with security vulnerabilities may be widely known in the tech industry, average consumers will become wary of the company's software as they learn about security issues like this. "This is exactly what they didn't need at the wrong time," Litan says. "This is just going to escalate the issue and make their security issues more widely known to a wider audience."