
PayPal Addresses Security Vulnerability

PayPal has fixed a security hole that could have allowed fraudsters to hijack production systems. The vulnerability could have allowed attackers to install a backdoor on PayPal, according to PC World.

The magazine described how Michael Stepankin, a bug bounty hunter, found the vulnerability in the manager.paypal.com website. “After he reported the issue to PayPal and it got fixed, the company gave him a reward through its bug bounty program, even though his report was marked as a duplicate. It turns out that another security researcher reported the same issue a few days earlier, proving that people are currently scanning for this type of vulnerability.”

PayPal’s engineering team addressed the vulnerability, and said that while the security community has known about deserialization vulnerabilities for a few years, “they were considered to be theoretical and hard to exploit.”


You can read PayPal’s post on the PayPal-Engineering.com website.

Ina Steiner

Ina Steiner is co-founder and Editor of EcommerceBytes and has been reporting on ecommerce since 1999. Send news tips to ina@ecommercebytes.com.

