Home arrow Privacy Issues arrow In The News arrow Researcher Finds PayPal Password Vulnerability
User Login





Lost Password?
No account yet? Register
Guard My Credit Menu
Home
- - - THE ISSUES - - -
Videos
Fraud and Scams
Credit Issues
Identity Theft
Privacy Issues
Our Children
Politics & Politicians
- - ACTION CENTER - -
Guard My Credit Links
Helpful Pamphlets
- - - - - - - - - - - - - - -
About ACCESS
Contact Us
About Our Site
Join the Fight
ACCESS is a non-profit, tax exempt consumer advocacy group.

Donations are tax deductable.

Guard My Credit Hits
9008196 Visitors
Researcher Finds PayPal Password Vulnerability PDF Print E-mail

January 15, 2020 - A security researcher by the name of Alex Birsan discovered method to expose the email addresses and passwords for PayPal accounts. The vulnerability, which has since been patched, could have left users of the service open to fraudulent activities.

Image Image

The vulnerability would have taken significant technical ability to exploit, and there is no evidence that it was ever used. It also would have required victims to first visit a fraudulent PayPal page; something which probably could have been accomplished by through a phishing attack. Once that was done, hackers would have been able to access the impacted account and either drain it of funds or make purchases.

With all of that said, it appears that the real problem was the fact that PayPal was storing passwords in plain text, without any encryption. Had the passwords been encrypted, even if someone was able to access them due to the above-mentioned vulnerability, the passwords would have been unreadable. The same is true for the email addresses.

According to an article in Security Week, Birsan said it quite well. "“While this properly fixes the vulnerability, I believe that the whole thing could have been prevented when designing the system by following one of the oldest and most important pieces of infosec advice: Never store passwords in plain text."

After Birsan reported the problem to PayPal, the company patched the problem and then awarded Birsan $15,000 for his findings. 

by Jim Malmberg

Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.

 

Follow ACCESS
Comments
Search
Only registered users can write comments!

3.25 Copyright (C) 2007 Alain Georgette / Copyright (C) 2006 Frantisek Hliva. All rights reserved."

 
Guard My Credit Polls
#1 - Why did you visit our site today?
 
.•*´¯☼ ♥ ♥ Your Support of These Links Is GREATLY Appreciated ♥ ♥ ☼¯´*•.
Advertisement
 
Go to top of page
Home | Contact Us |About Us | Privacy Policy
eXTReMe Tracker
02/19/2020 10:42:29