NewDonate for Education

Select City
Login

Find New Phone
Buy Accessories
More
0 Device Added
close

Microsoft Awards Rs 36 Lakhs To Indian Security Expert For Pointing Out Bug

Share:facebookinstagramwhatsapp
By Yeti - 
5th Mar 2021
Microsoft Awards Rs 36 Lakhs To Indian Security Expert

Microsoft awards Chennai-based security researcher Rs 36 lakhs for pointing out a vulnerability in the company’s online services. The vulnerability can allow anyone to take over any Microsoft account without consent.

Security researcher Laxman Muthiyah was the one to point out the vulnerability. Laxman wrote a blog post on Tuesday regarding the issue in the online services of Microsoft.

Also read: Realme GT 5G To Launch Tommorow: Everything We Know So Far

Vulnerability in Microsoft

According to Laxman, the forgot password page of Microsoft was an easier target for hackers. If a user forgets his or her password, he or she can reset the password by clicking on forgot password. However, the user will have to enter the email address or phone number on the forgot password page.

After entering the email or phone number, the user will get a 7 digit code on his or her email or phone number. If the user will have to put that 7 digit code on the forgot password page of Microsoft, then he or she will be able to reset the password.

Consequently, if a hacker uses a trial and error method then he or she can reset the password of another user without needing permission. The hacker can use a trial and error method to put all the combinations of a 7 digit code. However, Laxman stated that there were some rate limits that will prevent the hacker from making a large number of attempts.

The Report and Award

Laxman noticed this vulnerability and recorded a video. In the video, he was recording all the bypasses and was creating a detailed step to reproduce the vulnerability. After that, he submitted the report to Microsoft.

Also read: Instagram Allows Four Users To Livestream Together

Microsoft was quick to reply and acknowledge the issue. After assessing the report by Laxman, the security team of Microsoft was able to patch the issue. Microsoft rewarded Laxman an amount of 50,000 dollars. This reward was a part of their identity bounty program. In this program, they reward those who identify the vulnerabilities of any online service by Microsoft.



Comments

Featured Videos

You May Also Read

Google Mobile Phone Price List In India
Google Mobile Phone Price List In India
Google has been creating Android which runs almost all the phones ever since smartphones came into the market. Google started creating its own smartphones and entered the flagship segment with the finest and refined variants from the brand in the Google Pixel Series. There are always 3 to 4 variants for every new series launched,…

New Launches

Samsung Galaxy M42 5G
Samsung Galaxy M42 5G
Starting from:
₹21,999
OPPO A74 5G
OPPO A74 5G
Starting from:
₹17,990
iQOO 7 Legend 5G
iQOO 7 Legend 5G
Starting from:
₹39,990