Microsoft Pays $13,000 to Hacker for Finding Authentication Flaw

A security researcher has won $13,000 bounty from Microsoft for finding a critical flaw in its main authentication system that could allow hackers to gain access to a user's Outlook, Azure and Office accounts. The vulnerability has been uncovered by UK-based security consultant Jack Whitton and is similar to Microsoft's OAuth CSRF (Cross-Site Request Forgery) in Live.com discovered by

from The Hacker News http://ift.tt/1Twrmuv