5 year old exposes Xbox One's Live Account vulnerability

Discussion in 'Gaming Discussion' started by lonesome killer, Apr 4, 2014.

  1. lonesome killer

    lonesome killer Banhammered

  2. VintagePC

    VintagePC GodModePC (Lead Developer) Srcds Server Operator Forum Operator Minecraft Operator Global Moderator Staff Member

  3. Arron Dominion

    Arron Dominion Achievement Hunter

    Command injection is one of the first things you check before releasing functionality lol. Props to the kid for exposing this.
     
  4. VintagePC

    VintagePC GodModePC (Lead Developer) Srcds Server Operator Forum Operator Minecraft Operator Global Moderator Staff Member

    Oh definitely, but headlines are making him out to be some insanely talented "hacker" or script kiddie. (Yay, journalism!)

    IIRC it wasn't even command injection... just bad input validation. Something about just entering a bunch of spaces on the password recovery screen. Probably a buffer overflow on that input causing a false affirmative on validation.
     
  5. Arron Dominion

    Arron Dominion Achievement Hunter

    They did not really understand what the kid did, so it sounds better that way xD. You are right, it just is usually lumped in with command injection even though the two are separate. That sounds like a plausible back-end explanation for that.
     
