It appears you have not yet registered with our community. To register please click here...

 
Go Back [M] > Madshrimps > WebNews
Security Researchers Uncover Bypass of PayPalís Two-Factor Authentication Security Researchers Uncover Bypass of PayPalís Two-Factor Authentication
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read


Security Researchers Uncover Bypass of PayPalís Two-Factor Authentication
Reply
 
Thread Tools
Old 25th June 2014, 13:24   #1
Madshrimp
 
jmke's Avatar
 
Join Date: May 2002
Location: 7090/Belgium
Posts: 78,771
jmke has disabled reputation
Default Security Researchers Uncover Bypass of PayPalís Two-Factor Authentication

Researchers at Duo Labs, the advanced research team at Duo Security, discovered that it is possible to bypass PayPalís two-factor authentication (the Security Key mechanism, in PayPal nomenclature). The vulnerability lies primarily in the authentication flow for the PayPal API web service (api.paypal.com) ó an API used by PayPalís official mobile applications, as well as numerous third-party merchants and apps ó but also partially in the official mobile apps themselves.

As of the date of this post (June 25), PayPal has put a workaround in place to limit the impact of the vulnerability, and is actively working on a permanent fix. In light of the vulnerability reporting timeline and the trivial discoverability of the vulnerability, we have elected to publicly disclose this issue, so that users can be informed to the risks to their PayPal account security.


https://www.duosecurity.com/blog/duo...authentication
__________________
jmke is offline   Reply With Quote
Reply


Similar Threads
Thread Thread Starter Forum Replies Last Post
New telescopes could uncover a wormhole in our own galaxy Stefan Mileschin WebNews 0 21st May 2014 08:43
How to Use Two-Factor Authentication for Windows Live on Your Devices Stefan Mileschin WebNews 0 13th May 2013 09:34
PayPal's Chief Information Security Officer predicts the end of the password Stefan Mileschin WebNews 0 13th May 2013 09:11
Uncover gives your MacBook's lid a new, Apple-less kind of glow Stefan Mileschin WebNews 0 29th April 2013 10:30
Evernote plans two-factor authentication following last week's hack Stefan Mileschin WebNews 0 6th March 2013 10:34
iOS 6.1 bug allows user to bypass Lockscreen security code jmke WebNews 0 14th February 2013 14:36
Scientists uncover gene responsible for beer-foam Stefan Mileschin WebNews 0 2nd November 2012 07:40
How to Secure SSH with Google Authenticatorís Two-Factor Authentication Stefan Mileschin WebNews 0 15th August 2012 07:22
The sky isn't falling: a look at a new Vista security bypass jmke WebNews 0 12th August 2008 11:54
Wireless authentication problem AngeluS Hardware/Software Problems, Bugs 3 22nd April 2004 13:13

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


All times are GMT +1. The time now is 01:35.


Powered by vBulletin® - Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO