Sign in / up

back to article Unconfirmed PayPal 0day auth flaw lingers after XSS gets fixed

Two vulnerabilities in popular payments platform PayPal emerged this week. A cross-site scripting flaw affecting the web payment service was fixed last month, but another flaw is yet to be resolved. The unresolved vulnerability creates a means to bypass the security approval procedure and two-factor authentication applied by …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Pascal Monett Silver badge

    Ah, PayPal

    Don't like them much, but can't fault them for leaving stray issues. As far as security is concerned, they actually are leading the pack.

    The fact that the lawsuits would be humongous might be an incentive.

    1 0 Reply
  2. sproot

    And yet

    I've recently started getting spam to my PayPal address, which is several years old. Wonder where it was leaked from, I don't think it's made available to sellers and I've never given it to anyone so they could send me money.

    1 0 Reply
    1. Vic
      Reply Icon

      Re: And yet

      I don't think it's made available to sellers

      It is. Every seller gets your paypal address, even if you've already given them a different one.

      This is, IMO, one of the leakier aspects of PayPal :-(

      Vic.

      0 0 Reply
      1. Nigel Whitfield.
        Reply Icon

        Re: And yet

        Yep; and a bit annoying if you have one PayPal account, with several completely different identities - I collect donations from a few different sites of mine in the one account, and there's a different email address for each, but no way to ensure that a different name is given for people based on which one they used.

        I'd like, for example, if people who donate for the Toppy site get a message thanking them for that, not referring to the fact they paid Nigel Whitfield.

        0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like