Skype Disables Password Resets After Huge Security Hole Discovered
another random user writes with news of a vulnerability in the Skype password reset tool: "All you need to do is register a new account using that email address, and even though that address is already used (and the registration process does tell you this) you can still complete the new account process and then sign in using that account. Info (original post in Russian)"
concealment adds a link to another article with an update that Skype disabled the password reset page as a temporary fix.
Re:Defective Microsoft (Score:1, Informative)
Bought*
I wish people would get this mix-up of words right. It's like when someone says "me either" in response to something like "I don't like that":
- I don't like bees
- Nah, me either, I hate them.
It's neither dammit!!
Re:I don't entirely buy this... (Score:5, Informative)
You miss the point completely.
It's a password reset token notification with a link (like this [imgur.com]) that appeared in Skype clients of anyone who has this email set as primary. When you click that link it led to a password reset page with a dropdown box listing all accounts registered with this email and a "reset password" button.
The problem is that they don't require verification when setting a primary email.
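The missing check described in the comment above, as an added example that is not part of the original thread and is not Skype's code: a constructed in-memory account store where an unverified primary email either does or does not count for password reset. All class, method, account and address names are hypothetical.

```python
import secrets

class AccountStore:
    """Constructed model: several accounts may name the same primary email."""

    def __init__(self, require_verified_email):
        self.require_verified_email = require_verified_email
        self.accounts = {}   # username -> {"email": str, "verified": bool}
        self.pending = {}    # verification token -> username

    def register(self, username, email):
        # Registration completes even if the address is already in use.
        self.accounts[username] = {"email": email.lower(), "verified": False}
        token = secrets.token_urlsafe(16)
        self.pending[token] = username
        return token  # would be mailed to `email`, never shown to the registrant

    def confirm_email(self, token):
        username = self.pending.pop(token, None)
        if username is None:
            return False
        self.accounts[username]["verified"] = True
        return True

    def reset_recipients(self, email):
        """Accounts that count as owners of `email` for password reset."""
        return sorted(
            u for u, a in self.accounts.items()
            if a["email"] == email.lower()
            and (a["verified"] or not self.require_verified_email))

    def resettable_accounts(self, requester):
        """Accounts listed on the reset page opened from `requester`'s client."""
        me = self.accounts[requester]
        if self.require_verified_email and not me["verified"]:
            return []  # unverified address grants no reset rights
        return self.reset_recipients(me["email"])


def reset_page_for_newcomer(require_verified_email):
    """Owner confirms the mailbox; a second account only claims the address."""
    store = AccountStore(require_verified_email)
    store.confirm_email(store.register("owner", "owner@example.test"))
    store.register("newcomer", "owner@example.test")  # token never confirmed
    return store.resettable_accounts("newcomer")
```

Without the verification requirement the second account's reset page lists the owner's account; with it, the page is empty until the mailbox holder confirms the address.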
Re:A *little* more information would have been nic (Score:4, Informative)
RTFA! It's all clearly explained there!