9/19/2020 Hacking Money Into My Account
PayPal, the popular eBay-owned digital payment and money transfer service, has been found to be vulnerable to a critical web application vulnerability that could allow an attacker to take control of a user's PayPal account with just a click, affecting more than 156 million PayPal users.

Ali has discovered three critical vulnerabilities in the PayPal website, including CSRF, Auth token bypass and resetting the security question, which could be used by cybercriminals in targeted attacks.

According to the demo, using the PayPal CSRF exploit an attacker is able to secretly associate a new secondary email ID (the attacker's email) with the victim's account, and also reset the answers to the security questions of the target account.
PayPal uses security Auth tokens to detect legitimate requests from the account holder, but Mr. Yasser successfully bypassed this check to generate exploit code for targeted attacks, as shown in the video.

Yasser told The Hacker News, "I found out that the CSRF Auth is reusable for that specific user email address or username. This means if an attacker found any of these CSRF tokens, he can then make actions on behalf of any logged-in user."

Once executed, the exploit will add the attacker's email ID to the victim's account, which could be used to reset the account password using the Forgot Password option on the PayPal website. But the attacker cannot change the victim's password without answering the security questions configured by the user while signing up.

Yasser found that another bug in PayPal allows him to reset the security questions and their answers to values of his choice, which lets him bypass the PayPal security feature completely in order to set a new password for the victim's account.

The PayPal security team has patched the vulnerability following Yasser's report via the Bug Bounty Program. Three months ago, Yasser found a similar bug in the eBay website that allowed hackers to hijack any eBay account in just 1 minute.

We proactively work with security researchers to learn about and stay ahead of potential threats because the security of our customers' accounts is our top concern.
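The token reuse described above, as an added example that is not PayPal's code or the researcher's: a per-user token that never changes, next to a validator that binds each token to one session, expires it, and rejects replays. All names, the signing key and the lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # constructed signing key (assumption)
TOKEN_TTL = 900                       # assumed token lifetime in seconds


def weak_token(username):
    """Flawed pattern: the token depends only on the user, so it never changes."""
    return hmac.new(SERVER_KEY, username.encode(), hashlib.sha256).hexdigest()


def weak_check(username, token):
    return hmac.compare_digest(weak_token(username).encode(), token.encode())


class CsrfGuard:
    """Tokens bound to one session, time limited, and accepted only once."""

    def __init__(self):
        self._used = set()  # nonces already spent (in-memory for the example)

    @staticmethod
    def _mac(session_id, ts, nonce):
        msg = f"{session_id}|{ts}|{nonce}".encode()
        return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

    def issue(self, session_id, now=None):
        ts = str(int(time.time() if now is None else now))
        nonce = secrets.token_hex(16)
        return f"{ts}.{nonce}.{self._mac(session_id, ts, nonce)}"

    def verify(self, session_id, token, now=None):
        now = time.time() if now is None else now
        try:
            ts, nonce, mac = token.split(".")
            age = now - int(ts)
        except ValueError:
            return False  # malformed token
        expected = self._mac(session_id, ts, nonce)
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return False  # forged, or issued to a different session
        if age < 0 or age > TOKEN_TTL or nonce in self._used:
            return False  # expired or replayed
        self._used.add(nonce)
        return True
```
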