150 Million PayPal Accounts In Danger of Hijacking

by Tara Seals, InfoSecurity:

A vulnerability that would have enabled a hacker to completely bypass the authentication system in PayPal has been patched, resulting in a $10,000 bounty for the white-hat that found it.

Worth every penny, too: the flaw put 150 million PayPal customers in danger of having their accounts hijacked with a low-effort, simple gambit.

The flaw was publicly disclosed by Egyptian researcher Yasser Ali after he found a critical weakness in the cross-site request forgery (CSRF) prevention system implemented by PayPal. As a security precaution, the CSRF token that authorizes a user's requests is meant to change with every request the user makes. But Ali found that the 'CSRF Auth' token was reusable for a specific user email address or username: it was tied to the user's identity rather than to a session or a single request. An attacker who intercepted and took possession of such a token could therefore simply replay it to act on the account of the corresponding logged-in user.
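To make the security property concrete, the following is an added example (not code from PayPal, the article, or the researcher) that contrasts a token bound to the user identity with one bound to the login session and consumed on use. The page does not describe how PayPal's token was actually constructed, so the identity-keyed HMAC below is an assumption chosen only to model the behaviour reported: the same token stays valid for a given email address regardless of session or request. The email address, the session store and the `demo` function are constructed for this illustration.

```python
import hashlib
import hmac
import secrets

# Constructed server-side key; stands in for whatever secret a real server
# would use. It is generated per process here so the example runs offline.
SERVER_KEY = secrets.token_bytes(32)


def identity_bound_token(user_email: str) -> str:
    """Weak scheme (assumed model of the flaw): the token depends only on the
    user identity, so one value is valid for that user in every session and
    for every request until the server key rotates."""
    ident = user_email.strip().lower().encode()
    return hmac.new(SERVER_KEY, ident, hashlib.sha256).hexdigest()


def identity_bound_validate(user_email: str, presented: str) -> bool:
    """Accepts any token that matches the identity-derived value."""
    return hmac.compare_digest(identity_bound_token(user_email), presented)


class SessionBoundCsrf:
    """Hardened scheme: a random token is issued per login session and
    replaced on every successful use, so a token captured from one session
    or one request is useless elsewhere."""

    def __init__(self):
        self._sessions = {}  # session_id -> {"email": ..., "csrf": ...}

    def login(self, user_email: str) -> str:
        session_id = secrets.token_urlsafe(32)
        self._sessions[session_id] = {
            "email": user_email,
            "csrf": secrets.token_urlsafe(32),
        }
        return session_id

    def token_for(self, session_id: str) -> str:
        return self._sessions[session_id]["csrf"]

    def validate_and_rotate(self, session_id: str, presented: str) -> bool:
        session = self._sessions.get(session_id)
        if session is None:
            return False
        ok = hmac.compare_digest(session["csrf"], presented)
        if ok:
            # Single use: a replay of the token just consumed is rejected.
            session["csrf"] = secrets.token_urlsafe(32)
        return ok


def demo() -> dict:
    """Runs both schemes against a captured-token replay and reports
    which attempts are accepted."""
    victim = "victim@example.com"  # constructed sample identity
    results = {}

    # Weak scheme: a token intercepted once is accepted again later, with
    # no session or request binding to stop the replay.
    captured = identity_bound_token(victim)
    results["weak_replay_accepted"] = identity_bound_validate(victim, captured)

    # Hardened scheme: the token from the victim's first session is useless
    # in a later session for the same identity, and cannot be replayed even
    # inside the session it was captured from.
    store = SessionBoundCsrf()
    first_session = store.login(victim)
    captured = store.token_for(first_session)
    results["hardened_fresh_accepted"] = store.validate_and_rotate(first_session, captured)
    results["hardened_replay_accepted"] = store.validate_and_rotate(first_session, captured)
    second_session = store.login(victim)  # victim logs in again later
    results["hardened_cross_session_accepted"] = store.validate_and_rotate(second_session, captured)
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

The check worth carrying into a real review: a CSRF token must be tied to the session cookie it travels with (and, ideally, consumed on use), never derivable from the account identifier alone. If two logins by the same user, or two requests in the same login, yield a token that validates interchangeably, the scheme has the property this article describes.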
