Sign in / up

back to article Phishing gone: eBay patches to block session-jacking Magento holes

Vulnerability Lab researcher Hadji Samir says eBay has squashed three vulnerabilities in its Magento shopping platform that could permit session hijacking and man-in-the-middle attacks. The penetration tester disclosed this month the vulnerabilities along with proof-of-concept videos showing how attackers could steal session …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Six_Degrees

    "Samir says the three vulnerabilities ranked as medium flaws attracting a security score averaging three"

    What is a "security score"? Is a score of three bad? Good? Middling? What is the range, and which direction does it run from good to bad?

    2 0 Reply
    1. Philip Lewis
      Reply Icon

      @ Six_Degrees

      My conjecture is ...

      a) The score range is 1..5

      b) That in this case, the direction of "scoring" is irrelevant

      YMMV :D

      0 0 Reply
  2. gollux

    The WordPress of eCommerce, brought to you by Magento, an eBay company(tm)

    A bazillion plugins, lots of them for "free" created by security naifs and amateur programmers posing as Magento Experts.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like