Daily Tech News, Interviews, Reviews and Updates

Xbox Security: A bug found in Xbox could have given away user email IDs by using gamer tags has been fixed by Microsoft

Apps
By Kaushiki Ghosh

Reportedly, Microsoft has fixed a bug in an Xbox site. The bug might have possibly uncovered clients’ genuine email delivers related to their Xbox gamer labels. This problem was accounted for to the organization through its bug abundance program and has since been fixed. The discoveries for the bug that was found on enforcement.xbox.com were imparted to an online distribution recently. The report clarifies that an Xbox client ID (XUID) field was decoded on enforcement.xbox.com.

Xbox Live Bug Allowed Hackers To Reveal Anyone's Email Address - Xbox News

Bug spotted by Joseph “Doc” Harris 


However, the bug in enforcement.xbox.com was spotted by Joseph “Doc” Harris and a group of security specialists.

You Might Also Like

Sony Audio Products Will Now Be Delivered In 10 Minutes Via…

Gmail Users Can Now Protect Their Emails From Being…


The site, enforcement.xbox.com, permits Xbox clients to see strikes against their profile, just as document claims if they feel the strike is unreasonable. It was discovered that after a client signs in to the site, it makes a treat document with subtleties of the web meeting in their program. This treat document incorporated a decoded Xbox client ID (XUID) field.


Harris had the option to utilize standard program devices to alter the XUID field and supplant it with the XUID of a test account he had made for the  Xbox bug bounty programme.  When he replaced the worth and revived the page, messages of different clients were obvious. Look at the video by Harris specifying the equivalent.

Microsoft November 2020 Patch Tuesday arrives with fix for Windows zero-day | ZDNet


Although this bug did not influence other subdomains. The report expresses that Microsoft fixed this bug a month ago and scrambled the XUID. It was a worker side fix, and a Microsoft representative revealed to ZDNet that clients don’t have to do anything. Also, while the bug was not covered under the organization’s bug abundance program. It highlighted Harris as a benefactor in its Bug Bounty Hall of Fame. Notwithstanding, there was no money related prize.


The bug could also release genuine email IDs to programmers who could then be utilized for pernicious purposes. It is alarming that no unique device was required to gain admittance to other client’s email ID.

Get real time updates directly on you device, subscribe now.

Kaushiki Ghosh 614 posts

I am Kaushiki Ghosh from Kolkata, India. I’m a 3rd Year Student from B.com Department. I am from THK Jain College.

You might also like
Gadgets

Sony Audio Products Will Now Be Delivered In 10 Minutes Via Blinkit In India

Blogs

Gmail Users Can Now Protect Their Emails From Being Forwarded, Copied, Printed Or…

Software & Apps

Brave Search Introduces Chat Mode, Bridging the Gap Between Search Engines and AI…

Software & Apps

WhatsApp’s latest update turns voice messages into text