According to reports on Nyleveia.com, Eurogamer, and NeoGAF, Sony's PlayStation Network password reset system-the one just put in place after the PSN hack-has been compromised, allowing hackers to change a PSN password if they know your email and date of birth. Exactly the sort of information that was released in the original hack.
Well, here's how it's exploitable!
The prodecure is as follows:
- Navigate to : https://store.playstation.com/accounts/reset/resetPassword.action?token (this is normally, via email, https://store.playstation.com/accounts/reset/resetPassword.action?token=YYYYYYYYYYYYYYYYYYYYYYYY with the y's being a unique token) - do not enter the code at this point.
- Open a new tab in firefox, and go to fr.playstation.com (other pages will work too most likely), and click Login (Connexion)
- Click Recover password
- Enter the email and date of birth of the target account
- Click continue, then on the confirmation page, click "Reset using E-mail"
- Switch back to the original tab, and enter the code, then click continue
- You will now be asked to enter a new password for the target account
But because the service is taken down, the exploit is no longer executable!
Sony, don't make the same mistake twice. You're just asking for more lawsuit if you continue making doing this! Be a little bit more careful please.
Source:
Kotaku
No comments:
Post a Comment