Top Stories

Infrastructure Vulnerabilities in Mobile Applications

The market for mobile applications is growing and more and more transactions are made on mobile devices. A variety from mobile payment systems is trying to attract the users and this creates a growing field for attackers to get into this systems and manipulate them.

Now, the shop webpages also have to work on various platforms and devices and special versions for each device are often created. This again gives attackers a big range of attack vectors.

PayPal Inc - 2FA & Security Approval Restriction Auth Bypass Session Vulnerability

The Vulnerability Laboratory CEO Benjamin Kunz Mejri discovered a restriction filter bypass vulnerability in the official PayPal Inc mobile API for Apple iOS. By processing multiple login Mejri discovered a vulnerability in the mobile API for Apple iOS and Android OS. Normally an user tries to login and if the account is restricted by several requests, an input form popup opens to call PayPal or write a support ticket mail. By requesting the form multiple times with an existing account, Mejri was able to bypass the authentication verification check and approve the account owner with compromised cookies.