A severe vulnerability in Xbox Live reportedly allowed hackers to view the email address of anyone using the service. That’s according to cybersecurity researchers who claim to have discovered the loophole and reported it to Microsoft. Since then, the vulnerability has been patched on the server side, and Microsoft has issued a statement saying that users do not have to do anything on their part to mitigate the problem.
One of the researchers who reported the issue to Microsoft is Joseph ‘Doc’ Harris, who told ZDNet that the bug was located in the ‘enforcement.xbox.com’ domain, which allows Xbox users to see strikes against their Xbox profile and file appeals if they feel they have been unfairly reprimanded.
According to Harris, the portal cookies contained an Xbox User ID (XUID) field that was not encrypted, allowing hackers to view other users’ emails simply by replacing the value of the XUID cookie with the XUID of a test account created for testing purposes as part of the Xbox bug bounty program. “I tried overriding the cookie value and updating, and suddenly I could see the emails of other (users),” he told the blog in an interview earlier this week.
As already mentioned, Microsoft has released a patch that encrypts the XUID. In an official statement, the company said it has “released an update to help protect customers.” This bug, however, was not covered by the Xbox Bug Bounty program, meaning Harris did not get any financial reward for his research, although Microsoft has agreed to include him in their Bug Bounty Hall of Fame as a contributor.
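The flaw described above is a server trusting an identifier that the client can edit. The following added example (not Microsoft's code and not from the original report) puts that pattern beside a hardened lookup that rejects an altered XUID cookie. It makes the cookie tamper-evident with an HMAC tag, which is an assumption of this sketch rather than the fix Microsoft shipped, and the XUIDs, emails, key and function names are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: XUIDs, emails and the key are made up for this example.
SERVER_KEY = b"constructed-demo-key-load-from-a-secrets-store"
ACCOUNTS = {
    "2533270000000001": "tester@example.com",
    "2533270000000002": "other-user@example.com",
}


def _tag(xuid):
    """MAC over the XUID that only the holder of SERVER_KEY can compute."""
    return hmac.new(SERVER_KEY, xuid.encode(), hashlib.sha256).hexdigest()


def lookup_email_trusting_cookie(cookies):
    """Flawed pattern: the bare XUID cookie alone selects whose data is returned."""
    return ACCOUNTS.get(cookies.get("xuid"))


def issue_cookie(xuid):
    """Set by the server after login: '<xuid>.<tag>'."""
    return {"xuid": f"{xuid}.{_tag(xuid)}"}


def lookup_email_verified(cookies):
    """Hardened pattern: return data only if the XUID's tag verifies."""
    xuid, sep, tag = cookies.get("xuid", "").rpartition(".")
    # Constant-time comparison on bytes; a missing separator means no tag at all.
    if not sep or not hmac.compare_digest(tag.encode(), _tag(xuid).encode()):
        return None  # tampered, truncated or missing cookie
    return ACCOUNTS.get(xuid)


def swap_xuid(signed_cookies, other_xuid):
    """Simulates a client-side edit of a signed cookie: new XUID, old tag kept."""
    _, sep, tag = signed_cookies["xuid"].rpartition(".")
    return {"xuid": other_xuid + sep + tag}


if __name__ == "__main__":
    mine = issue_cookie("2533270000000001")
    print(lookup_email_trusting_cookie({"xuid": "2533270000000002"}))
    print(lookup_email_verified(mine))
    print(lookup_email_verified(swap_xuid(mine, "2533270000000002")))
```

A stronger design derives the account from the authenticated server-side session and never reads it from a client-supplied field at all.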