Frontier Password Reset Bug Leaves Accounts Vulnerable
Security researcher Ryan Stevenson recently identified a flaw in internet and cable giant Frontier’s account password reset method that allowed attackers to gain access to an account with just a username or email address.
Stevenson said that he used Burp Suite, a network intercept tool, and a test account to automatically send hundreds of six-digit access code iterations to the browser, one after the other. He was able to show that a correct code returned a bigger server response than the incorrect codes.
A Frontier spokesperson said that they have temporarily shut down the functionality out of caution while the matter is being investigated.
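
For defenders, the sketch below is an added example, not Frontier's code or anything from the original report. It shows a six-digit reset-code verifier that caps wrong guesses per issued code, expires the code, and returns one identical failure body whatever the reason, so that sending hundreds of codes in a row and comparing response sizes yields nothing. The class name, limits and messages are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5   # assumed policy: wrong guesses allowed per issued code
CODE_TTL = 600     # assumed policy: code lifetime in seconds
GENERIC_FAILURE = {"ok": False, "message": "Invalid or expired code."}


class ResetCodeStore:
    """In-memory store of outstanding reset codes, keyed by account (hypothetical)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # account -> [code, expires_at, attempts_left]

    def issue(self, account):
        # secrets.randbelow draws from the OS CSPRNG; zero-pad to six digits.
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[account] = [code, self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return code  # delivered out of band, never echoed in the HTTP response

    def verify(self, account, submitted):
        entry = self._pending.get(account)
        if entry is None:
            return dict(GENERIC_FAILURE)  # unknown account looks like a wrong code
        code, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            self._pending.pop(account, None)
            return dict(GENERIC_FAILURE)
        entry[2] = attempts_left - 1  # charge the attempt before comparing
        if hmac.compare_digest(code.encode(), str(submitted).encode()):
            self._pending.pop(account, None)  # single use
            return {"ok": True, "message": "Code accepted."}
        if entry[2] == 0:
            self._pending.pop(account, None)  # budget spent: the code is void
        return dict(GENERIC_FAILURE)
```

With five guesses against a space of one million codes, an automated run of the kind described above succeeds with probability 5 in 1,000,000 per issued code; a production service would also rate-limit how often a new code can be requested.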