Skype on Wednesday fixed a vulnerability that allowed users’ accounts to be hijacked using the password reset process. The vulnerability was published two months ago on the Russian site Xeksec. Skype has fixed the problem by updating the password reset process. To exploit the vulnerability, all a hacker needed to know was a victim’s email address. By entering that address on Skype’s sign-in page, hackers would receive a warning that an account with that email address already exists. The hacker could then create a new Skype account tied to another email address.
Loading ...
Skype Fixes Flaw Allowing Easy Account Hijack
Posted by: Richard Adhikari November 15, 2012 11:03 AMSkype on Wednesday fixed a vulnerability that allowed users’ accounts to be hijacked using the password reset process. The vulnerability was published two months ago on the Russian site Xeksec. Skype has fixed the problem by updating the password reset process. To exploit the vulnerability, all a hacker needed to know was a victim’s email address. By entering that address on Skype’s sign-in page, hackers would receive a warning that an account with that email address already exists. The hacker could then create a new Skype account tied to another email address.