A flaw in resetting passwords in webmaildienst Hotmail could hackers for weeks accounts over it. There were even tutorials on YouTube appeared how it works. Microsoft has the leak now been silently corrected.
The leak could be exploited by the data of a token to affect via Firefox add-on Tamper Data. Because Hotmail only checked whether a token was present and not whether the token was correct, could hackers on that way reset the password and log in to the Hotmail account. This is evident from a report on Vulnerability-Lab.
Probably is the vulnerability actively exploited; an unknown hacker posted last week a tutorial video on YouTube. The first manuals would be three weeks ago on the internet appeared. The leak was last week’s poem. It is unclear how many people have been the victims of hackers who have been abused.