A new security hole has been discovered in Microsoft’s Skype that allows anyone to change password and hijack account.The issue was first posted on a Russian forum two months ago and has been confirmed by The Next Web.
Skype shared the following statement with The Next Web:
“We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the inconvenience but user experience and safety is our first priority”
A number of hours after The Next Web revealed a flaw in the way Skype handled password resets, allowing third-parties to hijack accounts using just an email address, Skype has said that it has now fixed the issue. The company has confirmed it first mitigated the issue, but has now updated its password reset process so that it doesn’t send tokens to the client. Now it is confirmed that this flaw has been fixed.
Skype shared the following statement with The Next Web:
“We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the inconvenience but user experience and safety is our first priority”
 |
| Skype |
