Xbox Bug That Could Have Leaked Actual User Email IDs Through Gamer Tag Patched by Microsoft: Report


Microsoft has reportedly patched a bug in an Xbox website that could have exposed users’ real email addresses associated with their Xbox gamer tags. The vulnerability was reported to the company through its bug bounty programme and has since been fixed. The findings for the bug, which was reportedly found on enforcement.xbox.com, were shared with an online publication earlier this week. The report explains that an Xbox user ID (XUID) field was unencrypted on enforcement.xbox.com.

According to a report by ZDNet, the bug in enforcement.xbox.com was spotted by Joseph “Doc” Harris and a team of security researchers. The website, enforcement.xbox.com, allows Xbox users to view strikes against their profile and to file appeals if they feel a strike is unfair. It was found that after a user logs in to the website, it creates a cookie file in their browser with details of the web session. This cookie file included an unencrypted Xbox user ID (XUID) field.

Harris was able to use standard browser tools to edit the XUID field and replace it with the XUID of a test account he had created for the Xbox bug bounty programme. Once he replaced the value and refreshed the page, emails of other users were visible. Harris also detailed the same in a video.

It was noted that other subdomains were not affected by this bug. The report states that Microsoft patched the bug last month and encrypted the XUID. It was a server-side fix, and a Microsoft spokesperson told ZDNet that users do not need to do anything. Additionally, while the bug was not covered under the company’s bug bounty programme, the company featured Harris as a contributor in its Bug Bounty Hall of Fame. However, there was no monetary reward.
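The class of bug described above, and one server-side way to close it, as an added example that is not Microsoft's code. The report says Microsoft encrypted the XUID; this sketch swaps in a different technique, an HMAC tag that makes the cookie value tamper-evident, and all function names, the key and the sample accounts are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample data: these XUIDs and addresses are made up.
ACCOUNTS = {
    "1000000000000001": "alice@example.com",
    "1000000000000002": "bob@example.com",
}

# Hypothetical server-side secret; it never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def _tag(xuid: str) -> str:
    """HMAC-SHA256 over the XUID, keyed with the server secret."""
    return hmac.new(SERVER_KEY, xuid.encode(), hashlib.sha256).hexdigest()


def issue_cookie(xuid: str) -> str:
    """Cookie value set at login: '<xuid>.<tag>'."""
    return f"{xuid}.{_tag(xuid)}"


def lookup_vulnerable(cookie_xuid: str) -> Optional[str]:
    """Pre-fix pattern: the server trusts whatever XUID the cookie carries."""
    return ACCOUNTS.get(cookie_xuid)


def lookup_hardened(cookie: str) -> Optional[str]:
    """Serve account data only if the XUID matches its server-issued tag."""
    xuid, sep, tag = cookie.rpartition(".")
    if not sep:
        return None  # bare XUID with no tag: reject
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(tag.encode(), _tag(xuid).encode()):
        return None  # XUID was edited or the tag was forged
    return ACCOUNTS.get(xuid)


if __name__ == "__main__":
    cookie = issue_cookie("1000000000000001")
    edited = "1000000000000002." + cookie.rpartition(".")[2]
    print("vulnerable, edited XUID:", lookup_vulnerable("1000000000000002"))
    print("hardened, original cookie:", lookup_hardened(cookie))
    print("hardened, edited cookie:", lookup_hardened(edited))
```

The tag gives integrity only, so the XUID is still readable in the browser; keeping the identifier in a server-side session keyed by a random session ID avoids sending it to the client at all.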

The bug had the potential to leak actual email IDs to hackers, which could then be used for malicious purposes. What’s alarming is that no special tool was required to get access to other users’ email IDs.

