Why Microsoft has awarded $50,000 to an Indian researcher


2021-03-04 03:06:51

Indian researcher Laxman Muthiyah has received a $50,000 award from Microsoft under the company’s bug bounty program. Microsoft rewarded him for reporting a vulnerability that could lead to someone’s Microsoft account being hijacked.
According to Muthiyah, the vulnerability could “have allowed anyone to take over any Microsoft account without consent [or] permission.”
He had earlier found an Instagram rate limiting bug that could help hijack someone’s account. He then checked Microsoft’s account system for the same vulnerability.
Microsoft issued the $50,000 award through the HackerOne bug bounty platform. The Redmond-based tech giant offers between $1,500 and $100,000 for reporting bugs.
According to Muthiyah, Microsoft was “quick in acknowledging the issue” once he reported it. He also says in a blog post: “The issue was patched in November 2020 and my case was assigned to different security impact than the one expected. I asked them to reconsider the security impact explaining my attack. After a few back and forth emails, my case was assigned to Elevation of Privilege (Involving Multi-factor Authentication Bypass). Due to the complexity of the attack, bug severity was assigned as important instead of critical.”

Lastly, Muthiyah adds in the blog post: “I would like to thank Dan, Jarek and the entire MSRC Team for patiently listening to all my comments, providing updates and patching the issue. I also like to thank Microsoft for the bounty.”




