Published in Games

Microsoft flaw spotted by five year old



Just not seen by Redmond

A software flaw in Microsoft’s Xbox Live service was so basic that a five year old could have found it – in fact one did.

Kristoffer Von Hassel, from San Diego, figured out how to log in to his dad's account without the right password. Microsoft has fixed the flaw, and added Kristoffer to its list of recognised security researchers. The boy worked out that entering the wrong password into the log-in screen would bring up a second password verification screen.

Kristoffer discovered that if he simply pressed the space bar to fill up the password field, the system would let him in to his dad's account. He was worried his dad would be really cross with him, but since his dad works in security - he sent details of the flaw to Microsoft.

Redmond fixed the problem and Kristoffer's name now appears on a page set up to thank people who have discovered problems with Microsoft products. The company also gave him four free games, $50 (£30), and a year-long subscription to Xbox Live.

Rate this item
(0 votes)

Read more about: