Bug in PayPal Renders Two-Factor Authorization Useless

/ 10 years ago

paypal

Security blogger Joshua Rogers of Melbourne wrote a piece about PayPal’s two -factor authorization system at the beginning of June and discovered a pretty concerning bug in it. Anyone with it enabled, would be able to access the PayPal account by using a special login page designed for eBay.

Like any responsible person, he informed PayPal about the issue right away instead of publishing it. The exploit still works 2 month later despite his warnings, so he decided to go public with it now.

eBay’s function to link a PayPal account is the culprit here. When you’re setting up this service and are entering your login details, a cookie is set with your details and you’re redirected to confirm it. Once logged in that way, just go to the main PayPal page and you’re also logged in there. eBay’s special login page completely ignores any two-way factor authorization settings.

Joshua wrote that he could repeat the process unlimited times and even created a YouTube video demonstrating it.

Thank you Just Another Security Blog for providing us with this information

Image courtesy of PayPal
Topics: , , ,

Support eTeknix.com

By supporting eTeknix, you help us grow and continue to bring you the latest newsreviews, and competitions. Follow us on FacebookTwitter and Instagram to keep up with the latest technology news, reviews and more. Share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you'll find our latest video reviews, event coverage and features in 4K!

Looking for more exciting features on the latest technology? Check out our What We Know So Far section or our Fun Reads for some interesting original features.
eTeknix Facebook eTeknix Twitter eTeknix Instagram eTeknix Instagram

  • Be Social With eTeknix

    Facebook Twitter YouTube Instagram Reddit RSS Discord Patreon TikTok Twitch

  • Features

    Computex CES
    Fun Reads eTeknix Deals

Send this to a friend
})