AISECUREME-6 (www.aisecureme.com): How I hacked 40,000 user accounts of Microsoft using 2FA bypass (outlook.live.com) - Artificial Intelligence (AI)

Microsoft Reply:

Hello Vartul

As stated earlier, these are not password reset codes, but just the codes to check if the email provided is valid. These cannot be used to reset password. Also, once the email has been confirmed, an attacker needs to provide verification information about the account for resetting password. That information is then verified. The attack mentioned in the report is not a security bypass.

Please let me know if you have more questions. We have closed the case.

Thanks

MSRC

Reproducing Steps:

  1. Go to the URLs below, pick out all the emails, and collect them in one text file.
