Press "Enter" to skip to content

Month: March 2021

Race Condition leads to MS Account Takeover

This week security researcher Laxman Muthiyah published his bugbounty write-up “How I Might Have Hacked Any Microsoft Account“. For his finding, he was paid a bugbounty of $50,000 by Microsoft. The researcher describes a vulnerability that theoretically can be used to bypass a rate limit which results in brute-forcing a code. Theoretically, a 6-digit code (1 million necessary attempts) can…

1 Comment