It appears you have not yet registered with our community. To register please click here...

Go Back [M] > Madshrimps > WebNews
Security Researchers Uncover Bypass of PayPalís Two-Factor Authentication Security Researchers Uncover Bypass of PayPalís Two-Factor Authentication
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Security Researchers Uncover Bypass of PayPalís Two-Factor Authentication
Thread Tools
Old 25th June 2014, 12:24   #1
jmke's Avatar
Join Date: May 2002
Location: 7090/Belgium
Posts: 79,013
jmke has disabled reputation
Default Security Researchers Uncover Bypass of PayPalís Two-Factor Authentication

Researchers at Duo Labs, the advanced research team at Duo Security, discovered that it is possible to bypass PayPalís two-factor authentication (the Security Key mechanism, in PayPal nomenclature). The vulnerability lies primarily in the authentication flow for the PayPal API web service ( ó an API used by PayPalís official mobile applications, as well as numerous third-party merchants and apps ó but also partially in the official mobile apps themselves.

As of the date of this post (June 25), PayPal has put a workaround in place to limit the impact of the vulnerability, and is actively working on a permanent fix. In light of the vulnerability reporting timeline and the trivial discoverability of the vulnerability, we have elected to publicly disclose this issue, so that users can be informed to the risks to their PayPal account security.
jmke is offline   Reply With Quote

Similar Threads
Thread Thread Starter Forum Replies Last Post
New telescopes could uncover a wormhole in our own galaxy Stefan Mileschin WebNews 0 21st May 2014 07:43
How to Use Two-Factor Authentication for Windows Live on Your Devices Stefan Mileschin WebNews 0 13th May 2013 08:34
PayPal's Chief Information Security Officer predicts the end of the password Stefan Mileschin WebNews 0 13th May 2013 08:11
Uncover gives your MacBook's lid a new, Apple-less kind of glow Stefan Mileschin WebNews 0 29th April 2013 09:30
Evernote plans two-factor authentication following last week's hack Stefan Mileschin WebNews 0 6th March 2013 09:34
iOS 6.1 bug allows user to bypass Lockscreen security code jmke WebNews 0 14th February 2013 13:36
Scientists uncover gene responsible for beer-foam Stefan Mileschin WebNews 0 2nd November 2012 06:40
How to Secure SSH with Google Authenticatorís Two-Factor Authentication Stefan Mileschin WebNews 0 15th August 2012 06:22
The sky isn't falling: a look at a new Vista security bypass jmke WebNews 0 12th August 2008 10:54
Wireless authentication problem AngeluS Hardware/Software Problems, Bugs 3 22nd April 2004 12:13

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

All times are GMT +1. The time now is 21:08.

Powered by vBulletin® - Copyright ©2000 - 2023, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO