MSN cross-site scripting flaw put Hotmail accounts at risk

Posted on Tuesday, June 07 2005 @ 16:32 CEST by Thomas De Maesschalck

Microsoft disabled a part of its MSN website as it contained a cross-site scripting flaw which allowed attackers to obtain passwords from Hotmail users by getting them to click on a malicious link.

Hotmail customers are no longer at risk, according to Microsoft. "The 'I Love Messenger' Web site has been disabled," the company representative said in an e-mail statement. The site, which hosts emoticons, display pictures and backgrounds for MSN Messenger, Microsoft's free instant messaging service, will be restored once the issue has been resolved, the company said. On Monday afternoon PT, the I Love Messenger Web address was redirecting users to the main MSN Messenger Web site.

The security flaw was found at http://ilovemessenger.msn.com. More info at CNET

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments

Share this story!