6/10
Security researcher Laxman Muthiyah found a critical account takeover vulnerability in Microsoft's password reset flow. The reset mechanism sends a 7-digit security code, and because the server's rate limiting and IP-based blacklisting only throttled guesses that arrived sequentially, an attacker could brute-force the code by sending all candidates as concurrent requests. Accounts with two-factor authentication enabled were affected as well, since the second factor could be guessed the same way; in total roughly 11 million concurrent requests were enough to take over an account.
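The bypass works because a rate limiter that reads an attempt counter, validates the guess, and only then writes the counter back lets every request that is in flight at the same moment see the same pre-increment count. The simulation below is an added example, not Microsoft's code or anything from the writeup: a constructed verifier with that check-then-act race, beside one that counts and checks under a lock and burns the code after a fixed number of attempts. The 7-digit code, the secret value, the 100-guess slice and MAX_ATTEMPTS are assumptions chosen for the demo; a threading.Barrier stands in for the burst of requests arriving together.

```python
"""Concurrent guesses against a check-then-act rate limiter versus an atomic one.

Constructed simulation for illustration; the verifier classes, the secret code
and MAX_ATTEMPTS are assumptions, not the real service's behaviour or values.
"""
import threading
from dataclasses import dataclass, field
from typing import Optional

MAX_ATTEMPTS = 5                      # assumed lockout threshold per reset code
SECRET = "1234567"                    # assumed 7-digit reset code
# A 100-guess slice of the 10^7 code space; a real attacker sends the whole space.
GUESSES = [f"{n:07d}" for n in range(1234500, 1234600)]


@dataclass
class RacyVerifier:
    """Read counter -> validate -> write counter.

    Requests that are in flight at the same moment all read the pre-increment
    count, so the limit only bites an attacker who guesses sequentially.
    """
    secret: str
    attempts: int = 0
    # Models N requests sitting between the read and the write at once; on a
    # real server a concurrent burst achieves this without any barrier.
    in_flight: Optional[threading.Barrier] = None

    def verify(self, guess: str) -> Optional[bool]:
        """True/False if the guess was checked, None if the request was blocked."""
        seen = self.attempts                      # read
        if seen >= MAX_ATTEMPTS:
            return None                           # blocked
        if self.in_flight is not None:
            self.in_flight.wait()                 # everyone reads before anyone writes
        ok = guess == self.secret                 # validate
        self.attempts = seen + 1                  # lost update: every racer writes 1
        return ok


@dataclass
class AtomicVerifier:
    """Count and check under one lock; the code dies after MAX_ATTEMPTS or a hit."""
    secret: str
    attempts: int = 0
    lock: threading.Lock = field(default_factory=threading.Lock)

    def verify(self, guess: str) -> Optional[bool]:
        with self.lock:
            if self.attempts >= MAX_ATTEMPTS:
                return None                       # code burned; user must request a new one
            self.attempts += 1                    # count before checking
            if guess == self.secret:
                self.attempts = MAX_ATTEMPTS      # one-time use
                return True
            return False


def burst(verifier, guesses):
    """Send every guess on its own thread at once; report what got through."""
    results = {}

    def one(g):
        results[g] = verifier.verify(g)           # distinct keys, safe under the GIL

    threads = [threading.Thread(target=one, args=(g,)) for g in guesses]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    checked = sum(1 for r in results.values() if r is not None)
    hit = next((g for g, r in results.items() if r is True), None)
    return {"checked": checked, "hit": hit}


def demo_racy():
    """All 100 guesses are evaluated and the code is recovered; counter ends at 1."""
    v = RacyVerifier(SECRET, in_flight=threading.Barrier(len(GUESSES)))
    return burst(v, GUESSES)


def demo_atomic():
    """Only MAX_ATTEMPTS guesses are evaluated, whatever the concurrency."""
    return burst(AtomicVerifier(SECRET), GUESSES)


if __name__ == "__main__":
    print("racy  :", demo_racy())
    print("atomic:", demo_atomic())
```

The fix is not a tighter per-IP threshold: blacklisting an IP after the fact does nothing for requests that already landed. The attempt counter has to be incremented atomically before the guess is compared, the code must be invalidated once the budget is spent, and the same rule has to cover the 2FA code on the reset path.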
account-takeover
brute-force
rate-limiting-bypass
concurrent-requests
password-reset
encryption-bypass
multi-factor-authentication-bypass
microsoft-azure
bug-bounty
account-recovery
Laxman Muthiyah
Microsoft
MSRC
HackerOne
Instagram
iCloud