TweakTown
Tech content trusted by users in North America and around the world
5,915 Reviews & Articles | 38,114 News Posts

PayPal security 'shoddy,' Two-Factor Authentication bypassed

PayPal two-factor authentication website problems give criminals the ability to access accounts, send money (NASDAQ:EBAY)

| Hacking & Security News | Posted: Jun 25, 2014 10:20 pm

PayPal's security procedures have been described as 'shoddy,' with the possibility of bypassing the company's two-factor authentication, according to security firm Duo Security. PayPal has created a workaround in place to reduce vulnerability, and a permanent fix is currently being developed.

 

TweakTown image news/3/8/38678_01_paypal_security_shoddy_two_factor_authentication_bypassed.jpg

 

Exploiting a flaw in the two-factor authentication (2FA) mechanism, but at least one person used flight mode to turn off connectivity immediately after logging into PayPal.

 

"The vulnerability lies primarily in the authentication flow for PayPal's API web services," according to the Duo Security blog post. "In particular, api.paypal.com, a REST-ful API which uses OAuth for authentication/authorization, does not directly enforce two-factor authentication requirements server-side when authenticating a user."

 

Additional details can be found on the Duo Security blog, with another blog entry expected in the near future.

NEWS SOURCES
Theguardian.com, Static-secure.guim.co.uk

Related Tags

Further Reading: Read and find more Hacking & Security news at our Hacking & Security news index page.

Do you get our news RSS feed? Get It!

Post a Comment about this news

Latest Tech News Posts

View More News Posts

TweakTown Web Poll

Question: Facebook's acquisition of Oculus VR will...

Improve Oculus Rift Development

Hamper Oculus Rift Development

Completely destroy Oculus Rift Development

Let's wait and see, I'm not sure

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases