PayPal rejects report that exposed critical account takeover vulnerabilities

In a shocking decision, PayPal has rejected vulnerabilities reported by researchers as part of the payment giant’s bug bounty program.


Every tech company that takes its cybersecurity seriously runs a bug bounty program to keep up with newly discovered flaws. PayPal is one of them, though it uses a third-party platform, HackerOne, to handle the entire process. However, this doesn’t appear to be going smoothly.


A few days ago, CyberNews published a report alleging that “PayPal punished us” for finding 6 critical vulnerabilities.


The vulnerabilities include the following:


1. Their team was able to bypass Authflow, PayPal’s version of 2FA, which the payment provider usually prompts to verify a user’s identity when they try to access their account from a previously unrecognized location. They did so by using PayPal’s mobile app together with a Man-in-the-Middle (MITM) proxy, which gave them an “elevated token” that could then be used to gain access to the account.



Image credit: CyberNews



Since PayPal credentials can be found on the dark web for as little as $1.50, such an attack becomes far easier to carry out. In response to this revelation, HackerOne, the platform, replied with the notion that as the compromise of user accounts is a pre- ..