Security bugs: Skype crashes reset the password

Skype suffers from a serious vulnerability. It’s not so much the famous VoIP clients to contain the gap because the security procedure for the retrieval of logon credentials. The news has just been around the world since an attacker to leverage on the problem just coming afloat should only know the username that is used by user-victim and the e-mail address you used to register on Skype.

All technical details on Skype vulnerability had appeared two months ago on a Russian forum but only now discovering jumped to Chronicles.

What astonished leaves is the ease with which could be launched an attack against any registered user to Skype network: we use the simple past because the development team has intervened to block any further attempts of aggression.


Until a few hours ago, it was enough to create a new account by specifying the email address of a user already registered with Skype, log on to the network using the credentials just activated then request password reset. At this point, the attacker could impersonate the identity of others receiving also automatically logs of previous conversations with contacts currently online.

Fortunately, Microsoft, which now holds ownership of the network, and Skype has disabled the page that allows you to password reset. Skype will not restore it until the investigation of the matter will not be concluded.