Xbox password flaw exposed by five-year-old boy

4.6
A five-year-old boy who worked out a security vulnerability on Microsoft's Xbox Live service has been officially thanked by the company.

Kristoffer Von Hassel, from San Diego, figured out how to log in to his dad's account without the right password.
Microsoft has fixed the flaw, and added Kristoffer to its list of recognised security researchers.
In an interview with local news station KGTV, Kristoffer said: "I was like yea!"

The boy worked out that entering the wrong password into the log-in screen would bring up a second password verification screen.
Kristoffer discovered that if he simply pressed the space bar to fill up the password field, the system would let him in to his dad's account.

Kristoffer's name now appears on a page set up to thank people who have discovered problems with Microsoft products.
The company also gave him four free games, $50 (£30), and a year-long subscription to Xbox Live.

Posted:
Related Forum: Xbox Forum

Source: http://www.bbc.co.uk/news/technology-26879185

Comments

"Xbox password flaw exposed by five-year-old boy" :: Login/Create an Account :: 115 comments

If you would like to post a comment please signin to your account or register for an account.

MissPosted:

Such a lucky kid man, thankfully he did it instead of someone else.

JimboPosted:

Wow that is extremely impressive for a 5 year old. Lucky for us an annoying hacker didn't find it and compromise passwords.

dTpPosted:

Pretty cool he got remebered as a thanking member.

They will probably give him a free Xbox 720 in the near future.

TFJPosted:

I sincerely thank that 5 year old kid. Without him most likely it wouldn't have been found. And are xbox live accounts would be compromised.

GaryPosted:

Wow just by pressing space a few times, Microsoft that is a horrible "backdoor". Well anyway i hope that kid enjoys his new games haha

LostPosted:

That might not sound like a lot to you but to a 5-year-old kid that's quite a lot.

KuraPosted:

FaIIen
YhCHKN
itomni
Yui Only $50 [30] + Four free games for finding a major flaw like this. Dang, Maybe should get a little more but with the money received + the four games + 1 year membership, maybe the price was right for him. But maybe he should get a little more anyways.


Hes Five REALLY! they gave him $110.


Sorry.
$110 is nothing!
He found a major flaw in the system which could've caused MS a lot of money.


If he was older than five, yeah the the reward should be greater.


Plus, the money (If he was rewarded more) would of gone to his parents and he could of done nothing about it.

Nintendo64Posted:

This is insane, they now have a 5 year old as a security researcher... GO ON SON! haha! :)

Bebe_RexhaPosted:

"I was like yea!" - What a funny kid xD
But I think this was a fair reward for a 5 year old. If he was older, then it should be more, but he's only 5.
I just find it funny how a 5 year old can figure out a major flaw!

Evo8Posted:

YhCHKN
itomni
Yui Only $50 [30] + Four free games for finding a major flaw like this. Dang, Maybe should get a little more but with the money received + the four games + 1 year membership, maybe the price was right for him. But maybe he should get a little more anyways.


Hes Five REALLY! they gave him $110.


Sorry.
$110 is nothing!
He found a major flaw in the system which could've caused MS a lot of money.


If he was older than five, yeah the the reward should be greater.