Tech content trusted by users in North America and around the world
7,026 Reviews & Articles | 50,089 News Posts
Weekly Giveaway: Win a ZOTAC SONIX PCIe 480GB SSD (Global Entry!)

PayPal security 'shoddy,' Two-Factor Authentication bypassed

PayPal two-factor authentication website problems give criminals the ability to access accounts, send money (NASDAQ:EBAY)
| Hacking & Security News | Posted: Jun 25, 2014 10:20 pm

PayPal's security procedures have been described as 'shoddy,' with the possibility of bypassing the company's two-factor authentication, according to security firm Duo Security. PayPal has created a workaround in place to reduce vulnerability, and a permanent fix is currently being developed.

 

paypal_security_shoddy_two_factor_authentication_bypassed_01

 

Exploiting a flaw in the two-factor authentication (2FA) mechanism, but at least one person used flight mode to turn off connectivity immediately after logging into PayPal.

 

"The vulnerability lies primarily in the authentication flow for PayPal's API web services," according to the Duo Security blog post. "In particular, api.paypal.com, a REST-ful API which uses OAuth for authentication/authorization, does not directly enforce two-factor authentication requirements server-side when authenticating a user."

 

Additional details can be found on the Duo Security blog, with another blog entry expected in the near future.

NEWS SOURCES:Theguardian.com, Static-secure.guim.co.uk

Related Tags

Got an opinion on this news? Post a comment below!
loading