A PayPal Bug Could Have Exposed Passwords To An Attacker


Every once in a while, a researcher is able to find vulnerabilities before they are used in a malicious way. Today, we learned that a PayPal bug could have exposed passwords to an attacker.

Thankfully, a researcher was able to discover it before it was used against anyone. The researcher was Alex Birsan, who earned $15,300 for reporting the problem. The problem was reported to the company on January 18th and was fixed within 24 hours.

The problem was with the reCAPTCHA implementation. In a post over at HackerOne, PayPal said that “unique tokens were being leaked in a JS file used by the recaptcha implementation.”

PayPal then implemented additional security measures on the security challenge request, which will prevent token abuse. They also assured everyone that no evidence of abuse was found.
