Today's Hard|Forum Post
Today's Hard|Forum Post

Friday June 27, 2014

PayPal Two-Factor Authentication Broken

It looks like PayPal is finally getting around to doing something about its broken two-factor authentication system.

Lanier, whose team also created a proof-of-concept demonstrating how the bug could be exploited, says the worst-case scenario would be an attacker gaining access to a user's password, bypassing the second factor of authentication, and transferring money from the victim's account. "An attacker could use someone's credentials they got from a password dump" to bypass the second factor step in logging into the account, he says.

Comments