Experts On News: PayPal Confirms High-severity Password Vulnerability

PayPal has recently confirmed that a researcher found a high-severity security vulnerability in CAPTCHA that could expose user passwords to an attacker. The researcher, Alex Birsan, earned a bug bounty of $15,300 (£11,700) for reporting the problem, which was disclosed on January 8 after PayPal had patched it on December 11, 2019.

Dan Conrad, Field Strategist, One Identity
January 13, 2020
Bug Bounties are a good way to encourage ethical disclosure of vulnerabilities.
PayPal’s attempt to validate a user and prevent a scripting attack by using CAPTCHA was actually misconfigured, and created a vulnerability; granted the vulnerability was taking advantage of an outside cross-site request forgery where a user would be attempting to authenticate to PayPal from a malicious site. In this case, the attempt to mitigate a vulnerability by further validating the authen ....