Apple bug allows Apple ID password reset with just e-mail and date of birth

Bug found that allows Apple ID password to be reset simply by knowing email and date of birth

Trace Hagan | Mar 22, 2013 at 2:08 pm CDT (0 mins, 36 secs time to read)

If you haven't enabled two-factor authentication quite yet, you might want to get on it. Yes, right now. A new vulnerability has been found that will allow a malicious user to reset a user's password by knowing just their e-mail address and date of birth. It's not clear if this bug resulted from Apple's new two-step authentication or if it has always been there.

Apple bug allows Apple ID password reset with just e-mail and date of birth | TweakTown.com

A guide to doing the hack has been posted online, though we will not be linking to it for some very obvious security reasons. A malicious user has to simply paste in a modified URL and answer the date of birth security question to reset the password. The exploit makes use of Apple's iForgot tool.

Last updated: Apr 7, 2020 at 11:34 am CDT

NEWS SOURCE:theverge.com

ABOUT THE AUTHOR - Trace Hagan

Trace is a starving college student studying Computer Science. He has a love of the English language and an addiction for new technology and speculation. When he's not writing, studying, or going to class, he can be found on the soccer pitch, both playing and coaching, or on the mountain snowboarding.