API Archives

Researchers at DUO Security claim to have found a way of bypassing a two factor authentication feature that secures logins to Paypal.com, eBay’s online payment service. The vulnerability could allow an attacker who has stolen a Paypal customer’s user name and password to gain access to the account, even though the customer had enabled the more secure two-factor authentication option. DUO described the problem in a blog post early Wednesday. According to researcher Zach Lanier, Paypal has published an API (application program interface) for its Security Key two-factor authentication technology that contains a vulnerability that would allow even a non-technical hacker to bypass the second factor when accessing a Paypal customer’s account. An attacker only needs a victim’s PayPal username and password in order to access a two-factor protected account and send money. “The protection offered by the two-factor Security Key mechanism can be bypassed and essentially nullified,” the company wrote in […]

API

Recent Posts

Episode 257: Securing Software on Wheels with Dennis Kengo Oka of Synopsys

Malicious Python Packages Target Crypto Wallet Recovery Passwords

Episode 256: Recursive Pollution? Data Feudalism? Gary McGraw On LLM Insecurity

China Calls Out U.S. For Hacking. The Proof? TBD!

Episode 255: EDM, Meet CDM – Cyber Dance Music with Niels Provos

Subscribe to Podcast

API

Researchers Sidestep Paypal Two-Factor Authentication

Share this: