SECURITY VULNERABILITY IN PAYPAL: CREDENTIALS COULD HAVE BEEN STOLEN!
A security vulnerability in PayPal has been detected by Egyptian 'vulnerabilities hunter' Ebrahim Hegazy. A cross-site scripting bug has been patched in the Secure Payments subdomain of PayPal; attackers could have abused it to steal users' credentials, such as login details and unencrypted credit card information.
The stored XSS vulnerability on https://Securepayments.Paypal.com was reported and demonstrated to be exploitable, had attackers noticed it. PayPal addressed the issue two months later and patched the flaw.
Ethical hacker Hegazy identified that an HTML page could be crafted to intercept the data entered on a secure PayPal page and transmit it to another server as plain text. Attackers could have misused this information in any number of ways.
The “Checkout” button could have been altered with a URL designed to exploit the XSS vulnerability. Through this, the attacker would have been able to change the contents of the SecurePayments page and display a deceptive page, controlled by the attacker, asking the victim to enter personal and financial information.
Hegazy reported the bug to the company, which responded immediately.
There is no evidence of any impacted accounts, says PayPal.
PayPal rewarded Hegazy with its top bounty reward of $750 for his contribution to correcting the bug!