Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PayPal 2FA is easily bypassed, teenage whitehat hacker says


  • Please log in to reply
No replies to this topic

#1 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,570 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:08:55 AM

Posted 05 August 2014 - 08:45 PM

 

A teenage whitehat hacker said he has found a simple way that attackers can bypass the two-factor authentication system PayPal uses to protect user accounts.

The circumvention requires little more than spoofing a browser cookie set when users link their eBay and PayPal accounts, according to Joshua Rogers, a 17-year-old living in Melbourne, Australia. Once the cookie—which is tied to a function PayPal identifies as "=_integrated-registration"—is active in a user's browsing session, the two-factor authentication is circumvented, Rogers reported. That means attackers who somehow acquire someone else's login credentials would be able to log in without having to enter the one-time passcode sent to the account holder's mobile phone.

PayPal 2FA is easily bypassed, teenage whitehat hacker says

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users