Why Microsoft has awarded $50,000 to an Indian researcher


Indian researcher Laxman Muthiyah has received a $50,000 award from Microsoft under the company’s bug bounty program. Microsoft awarded the researcher for identifying a vulnerability that could lead to someone’s Microsoft account being hijacked.
According to Muthiyah, the vulnerability could “have allowed anyone to take over any Microsoft account without consent [or] permission.”
He had earlier discovered an Instagram rate limiting bug that could help hijack someone’s account. He then checked for a similar vulnerability in Microsoft’s account system.
Microsoft issued the $50,000 award through the HackerOne bug bounty platform. The Redmond-based tech giant offers between $1,500 and $100,000 for reporting bugs.
According to Muthiyah, Microsoft was “quick in acknowledging the issue” once he reported it. He also says in a blog post that “The issue was patched in November 2020 and my case was assigned to different security impact than the one expected. I asked them to reconsider the security impact explaining my attack. After a few back and forth emails, my case was assigned to Elevation of Privilege (Involving Multi-factor Authentication Bypass). Due to the complexity of the attack, bug severity was assigned as important instead of critical.”

Finally, Muthiyah adds in the blog post: “I would like to thank Dan, Jarek and the entire MSRC Team for patiently listening to all my comments, providing updates and patching the issue. I also like to thank Microsoft for the bounty.”