Posted by Monty Solomon on May 17, 2008, 4:55 pm
PayPal XSS Vulnerability Undermines EV SSL Security
Posted by Paul Mutton at 16 May 2008
A security researcher in Finland has discovered a cross-site
scripting vulnerability on paypal.com that would allow hackers to
carry out highly plausible attacks, adding their own content to the
site and stealing credentials from users.
The vulnerability is made worse by the fact that the affected page
uses an Extended Validation SSL certificate, which causes the
browser's address bar to turn green, assuring visitors that the site
- and its content - belongs to PayPal. Two years ago, a similar
vulnerability was discovered on a different page of the PayPal site,
which also used an SSL certificate.
...
http://news.netcraft.com/archives/2008/05/16/paypal_xss_vulnerability_undermines_ev_ssl_security.html