This security flaw will allow anyone to log in to a players profile without the need of their password reported San Diego
s T.V. station KGTV.
The weakness on the website came into limelight when Kristoffers father saw his son was playing games that he was not supposed to play. Robert Davies asked his son that how did he access the account and then Kristoffer told him about the weakness he discovered.
Here
s how it happened, The console jumped to a password verification pop up after he typed a wrong password. After hitting the space bar a few times in the password field, he then pressed enter and by doing this Kristoffer successfully accessed his fathers Xbox Live account.
Davies told KGTV, That Kristoffer is only 5 years of age and discovered susceptibility and held on it, that was something extraordinary.
Microsoft has been reported about the flaw and they have fixed it. Microsoft put Kristoffer
s name on their website as a Security Analyzer and They also sent a gift which includes free games and 1-year free subscription for Xbox Live.
Source:- USA Today.