Skip to main content

PayPal Mobile Apps Plagued by Authentication Flaw: Benjamin Kunz

posted onSeptember 8, 2015
by l33tdawg
Credit:

An unpatched vulnerability affecting PayPal’s mobile applications can be exploited to access restricted accounts and even bypass the two-factor authentication (2FA) mechanism, a researcher claims.

PayPal can ask users to confirm their identity for fraud protection and due to regulatory obligations. When users are asked to verify their identity, they are blocked from accessing their account and instructed to call or email PayPal to complete the process.

However, according to Benjamin Kunz Mejri, the founder and CEO of Vulnerability Lab, restricted accounts can still be accessed via the PayPal mobile apps for Android and iOS. The researcher says the applications are plagued by a vulnerability that can be exploited to access such accounts through repeated login attempts that leverage valid session cookies.

Source

Tags

Security PayPal Industry News

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th