- Mar 16, 2013
- 582
Both Hotmail and Outlook.com email services are vulnerable to session fixation attacks that could allow cybercriminals to get full control of an account due to what seems to be an issue affecting the management of cookies and sessions.
Security guru Rishi Narang wrote on his blog that Microsoft’s emails platforms, along with Twitter, Yahoo and LinkedIn accounts, are all vulnerable to this flaw that could be quickly exploited even by someone without too much hacking experience.
“Microsoft mail services are vulnerable to this session management flaw. Apart from your regular MSN/Live email accounts, you can also move your corporate accounts on outlook exchange mail service. Thus, it also affects your Microsoft hosted corporate accounts. Now, the problem with outlook/live is that it authenticates the old session cookies even if the user has logged out from the session,” Narang explained.
More:
http://news.softpedia.com/news/Microsoft-s-Hotmail-and-Outlook-com-Are-Wide-Open-to-Hackers-339466.shtml
Security guru Rishi Narang wrote on his blog that Microsoft’s emails platforms, along with Twitter, Yahoo and LinkedIn accounts, are all vulnerable to this flaw that could be quickly exploited even by someone without too much hacking experience.
“Microsoft mail services are vulnerable to this session management flaw. Apart from your regular MSN/Live email accounts, you can also move your corporate accounts on outlook exchange mail service. Thus, it also affects your Microsoft hosted corporate accounts. Now, the problem with outlook/live is that it authenticates the old session cookies even if the user has logged out from the session,” Narang explained.
More:
http://news.softpedia.com/news/Microsoft-s-Hotmail-and-Outlook-com-Are-Wide-Open-to-Hackers-339466.shtml
