TweakTown
Tech content trusted by users in North America and around the world
6,099 Reviews & Articles | 39,139 News Posts

PayPal security 'shoddy,' Two-Factor Authentication bypassed

PayPal two-factor authentication website problems give criminals the ability to access accounts, send money (NASDAQ:EBAY)

| Hacking & Security News | Posted: Jun 25, 2014 10:20 pm

PayPal's security procedures have been described as 'shoddy,' with the possibility of bypassing the company's two-factor authentication, according to security firm Duo Security. PayPal has created a workaround in place to reduce vulnerability, and a permanent fix is currently being developed.

 

TweakTown image news/3/8/38678_01_paypal_security_shoddy_two_factor_authentication_bypassed.jpg

 

Exploiting a flaw in the two-factor authentication (2FA) mechanism, but at least one person used flight mode to turn off connectivity immediately after logging into PayPal.

 

"The vulnerability lies primarily in the authentication flow for PayPal's API web services," according to the Duo Security blog post. "In particular, api.paypal.com, a REST-ful API which uses OAuth for authentication/authorization, does not directly enforce two-factor authentication requirements server-side when authenticating a user."

 

Additional details can be found on the Duo Security blog, with another blog entry expected in the near future.

NEWS SOURCESTheguardian.com, Static-secure.guim.co.uk

Related Tags

Further Reading: Read and find more Hacking & Security news at our Hacking & Security news index page.

Do you get our news RSS feed? Get It!

Got an opinion on this news? Post a comment below!

Latest Tech News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases