Wednesday, October 15, 2014

PayPal flaw leverages access to blocked accounts

Global payment service provider PayPal is exposed to security threat that allows intruders to gain access to blocked accounts without providing further security information. The issue resides in the mobile API responsible for filtering of account access restrictions. Benjamin Kunz Mejri from Vulnerability Laboratory discovered the vulnerability and reported to Paypal in March 2013. The vulnerable application is based on iOS used by iPhone and iPad unable to check properly for restriction flags that would stop access to victim's account. Although the reported version was 4.6.0, but security researcher believes that latest version is also prone to this issue. <more>

No comments: