Microsoft awards around $50000 bounty to Chennai security researcher: Here's the reason


Microsoft has awarded $50000 bounty to Chennai-based security researcher Laxman Muthiyah for pointing out vulnerabilities in its online services.

Microsoft has awarded a bounty of $50000 (around Rs 37 lakh) to a Chennai-based security researcher, Laxman Muthiyah, for drawing attention to a "potential vulnerability" on Microsoft online services. Muthiyah wrote in a blog post that the vulnerability might have allowed anyone to take over any Microsoft account on the company's online services without consent or permission.

The issue has since been patched by the Microsoft security team. The bounty was awarded to Muthiyah as part of Microsoft's Identity Bounty Program. The security researcher said that the vulnerability in Microsoft online services was similar to a loophole in Instagram that he had discovered previously.

Microsoft awards $50000 to Chennai-based developer: What was the loophole?

Muthiyah could potentially take over anyone's account on Microsoft online services by exploiting a vulnerability in the forgot-password page, where a user needs to enter a 7-digit code sent to their email address or phone number to reset their password.

"Once we receive the 7-digit security code, we will have to enter it to reset the password. Here, if we can bruteforce all the combinations of the 7-digit code (that will be 10^7 = 10 million codes), we will be able to reset any user's password without permission," he explained.

"But, obviously, there will be some rate limits that will prevent us from making a large number of attempts." However, after a few days of effort, he was able to spot the flaw that allowed him to take over someone's account on Microsoft online services.

Microsoft patched the issue in November

"Immediately, I recorded a video of all the bypasses and submitted it to Microsoft along with detailed steps to reproduce the vulnerability. They were quick in acknowledging the issue," the researcher pointed out. According to the researcher, Microsoft patched the issue in November 2020. Consequently, Muthiyah was awarded a bounty of $50,000 on February 9, 2021, he revealed.


Published:Fri, March 05, 2021 1:24pm | Updated:Fri, March 05, 2021 3:12pm


