In a surprising decision, PayPal has rejected vulnerabilities that researchers reported through the payment giant's bug bounty program.
Most tech companies that take security seriously run a bug bounty program so that external researchers can report flaws before attackers exploit them. PayPal is one of them, though it uses a third-party platform, HackerOne, to handle the entire process. That arrangement does not appear to be going smoothly.
A few days ago, CyberNews published a report alleging that "PayPal punished us" for finding six critical vulnerabilities.
The vulnerabilities include the following:
1. The team was able to bypass Authflow, PayPal's version of two-factor authentication (2FA), which the payment provider normally triggers to verify a user's identity when an account is accessed from a previously unrecognized location. They did so by routing PayPal's mobile app through a man-in-the-middle (MITM) proxy, which exposed an "elevated token" that could then be used to access the account without completing the second factor.
Because stolen PayPal credentials can be bought on the dark web for as little as $1.50, a 2FA bypass of this kind makes an account takeover considerably easier. In response, HackerOne, the platform handling the program, replied that since the compromise of user accounts is a pre- ..