Can you believe it, a five-year-old boy from San Diego (California) has found a vulnerability on Microsoft’s Xbox Live service and the vulnerability was not normal.
Vulnerability was really effective, as it allows anyone to access anybody’s account without password, but the thing that five-year-old boy found was really awesome and a simple trick that every child of this age do randomly.
The boy named Kristoffer Von Hassel, logged into his dad’s account without the password:
If we listen Kristopher, so he says that entering the wrong password into the log in field would bring up a second password verification screen, where Kristopher actually found the vulnerability by just simply pressing space bat to fill up the password field allow him to log in into his dad account.
In an Interview, Kristopher said: ‘I was like yea!’
“I got nervous. I thought he was going to find out.”
“I thought someone was going to steal the Xbox.”
His Dad ‘Robert’ sent all the details of the Flaw to Microsoft and it personally thanks to Kristopher, and added his name to their name of the security researchers list, who discovered problems with Microsoft products.
Right now, the flaw has been fixed, but this is a type of record in the world’s history that a five-year-old boy found a serious vulnerability in an high profile website, before this we also have some records of a 14-year-old boy who found XSS Vulnerabilities in many high profile website, but they were not serious as this Microsoft one had.
XSS Vulnerability in Cisco sub domain found by 14 Years Old security researcher.
14 Years Old YOUNGEST SECURITY RESEARCHER found XSS Vulnerabilities in Amazon,Ebay and OLX
The company also gave him four free games, $50 (£30), and a year-long subscription to Xbox Live.