Password reset flaw at internet giant Frontier allowed account takeovers

A bug in how cable and internet giant Frontier reset account passwords allowed anyone to take over user accounts. The vulnerability, found by security researcher Ryan Stevenson, allows a determined attacker to take over an account with just a username or email address. With a few hours' worth of determination, an attacker can bypass the access code sent during the password reset process.

Stevenson found that the access code field did not limit the number of attempts, allowing him to enter as many codes as he wanted. By automating the process using a network intercept tool on a test account he created, Stevenson was able to reproduce the access code. After the bug was disclosed to Frontier, the cable giant told ZDNet that an investigation is underway.

Read more about how a two-factor code used to reset the password for accounts at Frontier could be easily bypassed, on ZDNet.
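
The missing control described above is an attempt limit on the access code. The following is an added example, not Frontier's code or anything from the original report: a minimal server-side verifier that caps wrong guesses per issued code, expires codes and makes them single use. The class name, the policy constants and the 6-digit code length are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5        # assumed policy: wrong guesses allowed per issued code
CODE_TTL_SECONDS = 600  # assumed policy: code lifetime
CODE_DIGITS = 6         # assumed code length; the article does not state it


class ResetCodeStore:
    """In-memory store of pending reset codes, keyed by account (hypothetical)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # account -> [code, expires_at, failed_attempts]

    def issue(self, account):
        """Create a fresh code, replacing (and so invalidating) any old one."""
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[account] = [code, self._clock() + CODE_TTL_SECONDS, 0]
        return code  # a real system delivers this out of band (email/SMS)

    def verify(self, account, submitted):
        """Return 'ok', 'invalid', 'expired', 'locked' or 'no_code'."""
        entry = self._pending.get(account)
        if entry is None:
            return "no_code"
        code, expires_at, failed = entry
        if self._clock() >= expires_at:
            del self._pending[account]
            return "expired"
        if failed >= MAX_ATTEMPTS:
            # Checked before comparing, so even the correct code is refused.
            return "locked"
        # Constant-time comparison avoids leaking matching prefixes via timing.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[account]  # single use
            return "ok"
        entry[2] = failed + 1
        return "invalid"
```

Because `issue()` resets the counter, code issuance itself also needs a per-account rate limit, otherwise repeated reset requests hand out fresh sets of guesses.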




