
Critical vulnerability in Skype
Critical security vulnerability found in Skype (the service voice and video). The vulnerability allows to hack any account of Skype.
To crack only need to know the email address of the victim. Hacking scheme is as follows:
- You need to register a new Skype Name to e-mail the victim (technically possible);
- After that, you must log in to your new account, delete all cookie files and request password recovery;
- After that, the window will be notified of Skype “password token”, which referred to;
- This link, the user can select which kind login Skype, registered at the address of e-mail, he wants to change the password;
- Among these logins will be like the one that the user has just registered on another e-mail, and username of the owner of this e-mail;
- So, with no access to other people’s box and without the knowledge of the old password, you can change someone else’s password.
Breaking procedure demonstrated in the video user of Twitter @ asintsov. Skype representatives had no immediate comment on the vulnerability.
Feature of the vulnerability is that an attacker can not completely deny the account holder’s access to it, as the notification of the password change will come and the mailbox one whose account has been compromised. The only way out: re-registration Skype on e-mail, which no one knows who is not blown out in the databases.
> Feature of the vulnerability is that an attacker can not completely deny the account holder’s access to it…
Actually, attacker can completely deny the account holder’s access to it. In order to do that, attacker just changes primary email to his own, and removes previous (victim’s) email.
How to steal any skype account in 6 easy steps and how to protect your skype account. Illustrated guide – http://bit.ly/SLtlZi
The Skype’s administration has blocked password recovery form as a temporary solution to the vulnerability of the system to authenticate users.
Skype just hours has reported to eliminate a serious bug, the use of which are possible reset the user password and data theft legitimate user https://malwarelist.wordpress.com/2012/11/14/skype-has-closed-the-possibility-of-hijacking/