Skype Disables Password Resets After Huge Security Hole Discovered 65
another random user writes with news of a vulnerability in the Skype password reset tool "All you need to do is register a new account using that email address, and even though that address is already used (and the registration process does tell you this) you can still complete the new account process and then sign in using that account Info (original post in Russian)"
concealment adds a link to another article with an update that Skype disabled the password reset page as a temporary fix.
I don't entirely buy this... (Score:5, Interesting)
Re:Defective Microsoft (Score:5, Interesting)
To be fair I expect this hole existed when they brought Skype
That doesn't seem likely. In fact, I think this is a side effect of Microsoft preparing to integrate the 100 million msn messenger users into Skype. Somebody has been trying to ensure that the accounts will overlap nicely and has obviously made a huge mistake which allows this to happen.
Xbox Live (Score:2, Interesting)
This doesn't compare to the skype hole but there should be no way to link an account to an unverified email address.