Vulnerability in PayPal allows removal of someone else's account

The administration of the service has eliminated the vulnerability and promised to pay $5,000 to the researcher who found it.

According to information security researcher Ionut Cernica of Vulnerability Lab, the payment service PayPal contained a dangerous vulnerability that could allow an attacker to remove someone else's account.

"As a result of several tests with the web app, I found out that the owner of an account from the United States, when visiting this page, can add a new e-mail there. The problem is that the e-mail the user specified is added without confirmation, even if it is already in use," said the expert.

Binding another e-mail address in this way and then removing it also automatically deletes the original account.
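A minimal model of the flaw described above beside a hardened version, added here as an illustration and not PayPal's code. The class, its method names, the `example.test` addresses and the assumption that an account left without any address is deleted are all hypothetical.

```python
import secrets

class AccountStore:
    """Toy model (constructed for illustration, not PayPal's code)."""
    def __init__(self, hardened):
        self.hardened = hardened
        self.accounts = set()
        self.owner_of = {}  # confirmed e-mail -> account id
        self.pending = {}   # confirmation token -> (account id, e-mail)

    def register(self, account_id, email):
        self.accounts.add(account_id)
        self.owner_of[email] = account_id

    def add_email(self, account_id, email):
        if not self.hardened:
            # Flaw from the report: added without confirmation, even if in use.
            self.owner_of[email] = account_id
            return None
        if email in self.owner_of:
            raise ValueError("address already in use")
        token = secrets.token_urlsafe(16)
        self.pending[token] = (account_id, email)
        return token  # a real service mails this to the address itself

    def confirm(self, token):
        account_id, email = self.pending.pop(token)
        if email in self.owner_of:  # re-check: it may have been taken meanwhile
            raise ValueError("address already in use")
        self.owner_of[email] = account_id

    def remove_email(self, account_id, email):
        if self.owner_of.get(email) != account_id:
            raise ValueError("address not bound to this account")
        del self.owner_of[email]
        if not self.hardened:
            # Assumed mechanism: accounts left with no address are deleted.
            self.accounts &= set(self.owner_of.values())

def victim_survives(hardened):
    store = AccountStore(hardened)
    store.register("victim", "victim@example.test")
    store.register("other", "other@example.test")
    try:
        store.add_email("other", "victim@example.test")
        store.remove_email("other", "victim@example.test")
    except ValueError:
        pass  # hardened store rejects the binding
    return "victim" in store.accounts
```

The hardened path binds an address only after a token sent to that address is confirmed, rejects addresses that already belong to an account, and never deletes an account as a side effect of removing an address.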

The vulnerability currently persists on the site, and it is surprising that it was so simple to use and so dangerous in its effects. It was also noted that PayPal representatives pledged to pay him a fee of $5,000.

Read the report on the Vulnerability here.
