Security blogger Joshua Rogers of Melbourne wrote a piece about PayPal’s two -factor authorization system at the beginning of June and discovered a pretty concerning bug in it. Anyone with it enabled, would be able to access the PayPal account by using a special login page designed for eBay.
Like any responsible person, he informed PayPal about the issue right away instead of publishing it. The exploit still works 2 month later despite his warnings, so he decided to go public with it now.
eBay’s function to link a PayPal account is the culprit here. When you’re setting up this service and are entering your login details, a cookie is set with your details and you’re redirected to confirm it. Once logged in that way, just go to the main PayPal page and you’re also logged in there. eBay’s special login page completely ignores any two-way factor authorization settings.
Joshua wrote that he could repeat the process unlimited times and even created a YouTube video demonstrating it.
Thank you Just Another Security Blog for providing us with this information
Image courtesy of PayPal
Plaion, a leading video game publisher, and Retro Games Ltd., a specialist in reimagined classic…
During the latest earnings call, NVIDIA CFO Colette Kress warned of a potential GPU supply…
Chinese sources say the GeForce RTX 5090, RTX 5080, RTX 5070 Ti, and RTX 5070…
GTA 6 doesn’t have an official release date yet, but it has already earned a…
Stay on Point with ActiveTrack 6.0 - With upgraded tracking tech, OM 6 sticks to…
Pack includes three Wiser Radiator Thermostats. These smart radiator thermostats are only designed to work…