
PayPal vulnerability allows account hijacking

Yasser Ali, an independent researcher, reported that a critical bug in the cross-site request forgery (CSRF) prevention system made all PayPal accounts vulnerable to hijacking. The problem is that PayPal uses reusable authentication tokens. Cyber criminals can use them to link their own email addresses to the hijacked PayPal user account and gain full control over it.

Authentication tokens

The researcher who discovered the bug was also able to capture an authentication token valid for PayPal accounts. He found that the token authenticating any user request was not changed for a given email address, which allows an attacker to perform various modifications once authenticated.

By intercepting an authentication token that is valid for all users, the researcher was also able to bypass PayPal's CSRF protection authorization system. For this test, he used the Burp toolkit to capture the POST request from a page that includes a token prior to the login process.

The researcher provided an example with a page used for sending money to another PayPal user. Along with the email addresses of both the sender and the recipient, the researcher entered a fake password. This way a token for the request for that particular account was created.

The Password

Later in his research, Ali tried to find new ways to change the targeted account's password without being logged in. This is normally impossible unless the right answer to the security question is provided, and to reach this stage the attacker would need to log in.

However, the user is asked to set a security question when signing up for the PayPal service, and this setting is not protected by a password. Being in possession of the CSRF authentication token, the attacker can change the question and provide another answer.

The token validates the following requests:

  • Removing, adding and confirming an email address
  • Modifying the billing address
  • Changing the security question
  • Changing the account configuration
  • Changing the payment methods
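
The following is an added illustration, not PayPal's code or the researcher's, of the two token-handling designs the article contrasts: a toy `WeakCsrf` class whose token is derived only from the account email (so it is the same for every request, every session, and is handed out before the password is checked), beside a `SessionCsrf` class whose tokens exist only inside an authenticated session and are consumed on first use. The user store and secret are constructed values.

```python
import hmac
import hashlib
import secrets
from typing import Dict, Optional, Set

# Constructed user store (not real data); plaintext passwords only to keep the
# example short, the point here is token handling, not password storage.
USERS = {"victim@example.com": "correct-horse"}


class WeakCsrf:
    """Vulnerable pattern described in the article: the anti-CSRF token depends
    only on the account email, so it is identical for every request and every
    session, and it is issued even when the supplied password is wrong."""

    def __init__(self, secret: bytes):
        self.secret = secret

    def issue(self, email: str, password: str) -> str:
        # Defect: the password is never checked before the token is returned.
        return hmac.new(self.secret, email.encode(), hashlib.sha256).hexdigest()

    def verify(self, email: str, token: str) -> bool:
        # Any earlier token for this email keeps verifying forever.
        return hmac.compare_digest(self.issue(email, ""), token)


class SessionCsrf:
    """Hardened pattern: a token is random, tied to one authenticated session,
    and deleted once used, so a captured token is useless for another session
    or for a second request."""

    def __init__(self) -> None:
        self.sessions: Dict[str, Set[str]] = {}  # session id -> live tokens

    def login(self, email: str, password: str) -> Optional[str]:
        stored = USERS.get(email)
        if stored is None or not hmac.compare_digest(stored, password):
            return None  # no session and therefore no token without the password
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = set()
        return sid

    def issue(self, sid: str) -> str:
        token = secrets.token_urlsafe(32)
        self.sessions[sid].add(token)  # KeyError for an unknown session
        return token

    def verify(self, sid: str, token: str) -> bool:
        live = self.sessions.get(sid, set())
        if token in live:
            live.discard(token)  # single use: replay of the same token fails
            return True
        return False
```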

The researcher disclosed the information discreetly through the Bug Bounty program. At the moment, all the flaws are fixed.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming of a safer cyberspace. Her fascination with IT security began a few years ago, when a piece of malware locked her out of her own computer.
