Daily Tech News, Interviews, Reviews and Updates

Xbox Security: A bug found in Xbox could have given away user email IDs by using gamer tags has been fixed by Microsoft

Apps
By Kaushiki Ghosh

Reportedly, Microsoft has fixed a bug in an Xbox site. The bug might have possibly uncovered clients’ genuine email delivers related to their Xbox gamer labels. This problem was accounted for to the organization through its bug abundance program and has since been fixed. The discoveries for the bug that was found on enforcement.xbox.com were imparted to an online distribution recently. The report clarifies that an Xbox client ID (XUID) field was decoded on enforcement.xbox.com.

Xbox Live Bug Allowed Hackers To Reveal Anyone's Email Address - Xbox News

Bug spotted by Joseph “Doc” Harris 


However, the bug in enforcement.xbox.com was spotted by Joseph “Doc” Harris and a group of security specialists.

You Might Also Like

PayPal Launches New Group Money Pooling Feature Across…

WhatsApp Introduces Avatar Creation Feature for Android and…


The site, enforcement.xbox.com, permits Xbox clients to see strikes against their profile, just as document claims if they feel the strike is unreasonable. It was discovered that after a client signs in to the site, it makes a treat document with subtleties of the web meeting in their program. This treat document incorporated a decoded Xbox client ID (XUID) field.


Harris had the option to utilize standard program devices to alter the XUID field and supplant it with the XUID of a test account he had made for the  Xbox bug bounty programme.  When he replaced the worth and revived the page, messages of different clients were obvious. Look at the video by Harris specifying the equivalent.

Microsoft November 2020 Patch Tuesday arrives with fix for Windows zero-day | ZDNet


Although this bug did not influence other subdomains. The report expresses that Microsoft fixed this bug a month ago and scrambled the XUID. It was a worker side fix, and a Microsoft representative revealed to ZDNet that clients don’t have to do anything. Also, while the bug was not covered under the organization’s bug abundance program. It highlighted Harris as a benefactor in its Bug Bounty Hall of Fame. Notwithstanding, there was no money related prize.


The bug could also release genuine email IDs to programmers who could then be utilized for pernicious purposes. It is alarming that no unique device was required to gain admittance to other client’s email ID.

Get real time updates directly on you device, subscribe now.

Kaushiki Ghosh 614 posts

I am Kaushiki Ghosh from Kolkata, India. I’m a 3rd Year Student from B.com Department. I am from THK Jain College.

You might also like
Software & Apps

PayPal Launches New Group Money Pooling Feature Across Multiple Countries

Apps

WhatsApp Introduces Avatar Creation Feature for Android and iOS Users

Software & Apps

YouTube Is Now Letting Creators In US To Remix Songs Via AI Prompts

Apps

Paying For YouTube Premium But Still Seeing Ads: Here’s What YouTube Support…