A PayPal Bug Could Have Exposed Passwords To An Attacker

Every once in a while, a researcher is able to find exploits before they are used in a malicious way. Today, we learned that a PayPal bug could have exposed passwords to an attacker.

Thankfully, a researcher was able to discover it before it was used against anyone. The researcher was Alex Birsan, who earned $15,300 for reporting the problem. The problem was reported to the company on January 18th and was fixed within 24 hours.

The problem was with the reCAPTCHA implementation. In a post over at HackerOne, PayPal said that “unique tokens were being leaked in a JS file used by the recaptcha implementation.”

PayPal then implemented additional security measures on the security challenge request, which will prevent token abuse. They also assured everyone that no evidence of abuse was found.
