Popular internet payment provider PayPal has fixed an exploit that would have allowed hackers to take over an account with a single click, reports The Register.
The PayPal bug, a ‘cross-site request forgery’, was discovered by Egyptian researcher Yassar H Ali, who found it was possible to access any account if a hacker could convince the account’s owner to click a link. Once clicked, the hacker would be able to link their email addresses to a victim’s account, then reset the password and take over the account due to reusable authentication tokens valid for all users.
PayPal bug bounty catches account-hijacking vulnerability
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.