Xbox password flaw exposed by five-year-old boy

page: 1
4

log in

join

posted on Apr, 8 2014 @ 05:27 PM
link   

Kristoffer Von Hassel, from San Diego, figured out how to log in to his dad's account without the right password.

Microsoft has fixed the flaw, and added Kristoffer to its list of recognised security researchers.

In an interview with local news station KGTV, Kristoffer said: "I was like yea!"

The boy worked out that entering the wrong password into the log-in screen would bring up a second password verification screen.

Kristoffer discovered that if he simply pressed the space bar to fill up the password field, the system would let him in to his dad's account.

Link


Wonder what some programmer was thinking. I suppose it could have been a 'required feature' dictated by a higher up.




posted on Apr, 8 2014 @ 06:03 PM
link   
Its just like Microsoft Windows desktop password. Its useless and very easy to crack. Not sure why Microsoft has a password protected OS.



posted on Apr, 8 2014 @ 06:07 PM
link   

eManym
Its just like Microsoft Windows desktop password. Its useless and very easy to crack. Not sure why Microsoft has a password protected OS.


They wanted people to believe you need to protect the whole computer and not just encrypt your hard drive. Can't sell security software if people know they don't need it.

And I don't believe the dad. He knew there was a security risk and told people his kid figured it out when people come to learn he was getting into other peoples accounts. "My 5 year old found a security breach, and how did all this money get into my bank account"
edit on 8-4-2014 by marbles87 because: (no reason given)



posted on Apr, 8 2014 @ 06:46 PM
link   
That was a poor back door.



posted on Apr, 8 2014 @ 10:21 PM
link   
Flaws, are purposely put there I believe. Only because certain people pressure companies to insert a flaw our two.



posted on Apr, 9 2014 @ 03:13 AM
link   
reply to post by roadgravel
 


Well if his dad was doing it, and the kid learned, or the dad was lying (which I doubt by the quote from the kid, seems legit), I don't think he can have taken money and put it into his bank account. He could use other peoples cards to download stuff, but even then, my gf and I have 2 separate accounts, and she can't watch my movies on her account on the same xbox, as I can't watch her movies on my account on same xbox. Most likely a back door put in by the programmers so they could hack into anyone elses account they wanted, or for Microsoft to do so for whatever reason. Think about it, they would never need to pay for xbox live, just find someone who already did. I doubt that is the case, but there is a logical reason for a back door, actually many reasons I can think of.


I WISH I KNEW ABOUT THIS EARLIER SO I COULD TAKE ADVANTAGE OF FREE XBOX LIVE!
edit on 4/9/14 by SixX18 because: (no reason given)



posted on Apr, 9 2014 @ 08:50 AM
link   
reply to post by SixX18
 

I bet you are the only one who would have liked to have known about it.


This seems really odd though. Maybe I under estimate how lazy workers can be.





new topics
top topics
 
4

log in

join