Latest in Gear

Image credit: Frontier Communications

Frontier Communications' password bug lets anyone into your account

The vulnerability renders two-factor protections useless.
386 Shares
Share
Tweet
Share
Save

Sponsored Links

Frontier Communications

While you might feel more at ease knowing your personal information is protected by two-factor authentication, a bug in Frontier's password reset system is demonstrating that vulnerabilities can open your info up to exposure even when that extra level of protection is available. The internet giant's password system sends users a two-factor code when they initiate a reset, but ZDNet reports that the system lets you enter as many codes as you want, opening up users' accounts to a breach. Spotted by security researcher Ryan Stevenson, the bug means a determined attacker with some time on their hands could get into an account with just a username or an email address.

Stevenson demonstrated the vulnerability on a test account he set up, automating a process that sent code after code to the browser until the right one was selected. That code then let him reset the account password. Based on his demonstration, it would take around a day to try out every possible code with Stevenson's set up, but he says it could probably happen more quickly with a faster connection.

Frontier told ZDNet that it's investigating the issue. "Out of an abundance of caution while the matter is being investigated, Frontier has shut down the functionality of changing a customer's password via the web," a company spokesperson said.

Image: Frontier Communications

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
386 Shares
Share
Tweet
Share
Save

Popular on Engadget

The 2019 Engadget Holiday Gift Guide

The 2019 Engadget Holiday Gift Guide

View
Mach-E leak reveals a lot about Ford's electric Mustang SUV

Mach-E leak reveals a lot about Ford's electric Mustang SUV

View
Amazon is challenging Microsoft's $10 billion JEDI contract victory

Amazon is challenging Microsoft's $10 billion JEDI contract victory

View
Microsoft is adding 10 'Final Fantasy' games to Xbox Game Pass

Microsoft is adding 10 'Final Fantasy' games to Xbox Game Pass

View
'West of Dead' is a fast-paced shooter starring Ron Perlman

'West of Dead' is a fast-paced shooter starring Ron Perlman

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr