Infosec bunfight breaks out over 'unproven' PayPal authent bug

    Date14 Sep 2015
    CategoryLatest News
    1327
    Posted ByDave Wreski

    A row has broken out between PayPal and bug hunters who claim to have found a flaw on its website. Vulnerability Laboratory published an advisory about a vulnerability that it said creates a means to bypass the security approval procedure and two-factor authentication applied by the payment service earlier this month, as previously reported.

    PayPal initially told El Reg that it was looking into the problem in a holding statement that acknowledged a separately reported XSS flaw, which was discovered by BitDefender and resolved in July. The payment provider has since told El Reg that it was unable to replicate the problem reported to it by Vulnerability Laboratory, as a statement provided by the firm explains:

    You are not authorised to post comments.

    LinuxSecurity Poll

    Do you reuse passwords across multiple accounts?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    13
    radio
    [{"id":"55","title":"Yes","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"56","title":"No","votes":"0","type":"x","order":"2","pct":0,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.