A German student from Berlin, at the Ruhr University of Bochum, claims to have found a way to break Microsoft's CardSpace authentication framework. CardSpace is Microsoft's Web-based identity service. The attacker can exploit this flaw to access protected user data, such as passwords, credit card numbers and addresses, as they are being transmitted.