genew@telus.net
Date: Fri, 08 Jun 2018 20:28:37 -0700
Zack Whittaker for Zero Day (8 Jun 2018)
Password reset flaw at Internet giant Frontier allowed account takeovers
A two-factor code used to reset an account password could be easily bypassed.
https://www.zdnet.com/article/password-reset-flaw-at-frontier-allowed-account-takeovers/
opening text:
A bug in how cable and Internet giant Frontier reset account passwords allowed anyone to take over user accounts.
The vulnerability, found by security researcher Ryan Stevenson, allows a determined attacker to take over an account with just a username or email address. And a few hours worth of determination, an attacker can bypass the access code sent during the password reset process.