Windows Live ID vulnerability (comments and status)

Microsoft has become aware of a bug in the e-mail verification portion of the registration process for new Windows Live ID accounts. A way has been found to successfully complete the "verification" process for an e-mail address that the user does not own, using an email address the user does own. This problem is limited to the creation of new accounts and does not impact anyone with an existing Windows Live ID account. Means, at no time, this bug could have been used to hack into an existing live ID account!

Windows Live ID, as part of registration, verifies the associated e-mail account for each Windows Live ID. Since this authentication process, like many online services, verifies only a person’s e-mail address and not their identity, users should exercise caution when dealing with individuals online whose identity they cannot personally verify.

However, this issue has been resolved now.



Comments (0)

Skip to main content