ID: IRCNE2012111676
Date: 2012-11-17
According to "cnet", skype has resolved a nasty e-mail and password security bug and reinstated its password reset page.
Revealed by Skype earlier today, the vulnerability allowed someone to create a Skype account using the same e-mail address as that of the intended victim. That person was then able to reset the password for all accounts associated with that address, thereby locking out the account owner from Skype.
As a precaution, Skype earlier today took down its password reset page to prevent hackers from taking advantage of the flaw.
Skype users can now change their passwords using the password reset page accessible from their account profile.
Skype fixed the issue rather quickly today. But the problem was first documented on a Russian forum two months ago, according to blog site TG Daily. The people who uncovered the flaw reportedly told Skype about it, but the company apparently didn't act on the matter until now.
- 2