PayPal Hack with a Single Click? Possible!
Three critical vulnerabilities have been discovered in PayPal that could lead a hacker to bypass the security and take control of any PayPal account. Considered one of the top payment and money transfer services, PayPal is used by hundreds of millions of users, making this vulnerability quite critical.
PayPal hack possible with a single click:
These vulnerabilities were posted by an Egyptian security researcher, Yasser H. Ali. On his website, he has shared the details of three loopholes: CSRF token reusability, the possibility of bypassing the Auth token, and the ability to reset the security questions.
- The CSRF token "that authenticates every single request made by the user", which can also be found in the request body of every request with the parameter name "Auth", gets changed with every request made by the user for security measures, but after a deep investigation I found out that the CSRF Auth is Reusable for that specific user email address or username. This means that if an attacker found any of these CSRF Tokens, he can then make actions on behalf of any logged in user.
- The request will contain a Valid CSRF Auth token Which is Reusable and Can authorise this specific user's requests. Upon Further Investigation, We have found out that an Attacker can obtain the CSRF Auth which can be valid for ALL users, by intercepting the POST request from a page that provides an Auth Token before the Logging-in process ... At this point the attacker Can CSRF "almost" any request on behalf of this user.
And finally, Ali found that an attacker can reset the security questions of any account without needing to know the password. Here is how the targeted PayPal hack would work combining these three vulnerabilities, as Ali has demonstrated in the proof-of-concept video:
- The hacker first associates a new secondary email ID with the target's account using the CSRF exploit.
- The hacker would be able to bypass the Auth token security that PayPal uses to detect legitimate requests.
- Once a new email ID has been associated, the hacker would use the Forgot Password feature to reset the password.
- This will in turn require the hacker to answer security questions. However, as demonstrated, using the CSRF exploit the attacker would reset the security question answers and take control of the account.
PayPal has fixed the vulnerabilities after they were shared by Ali.
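The two token weaknesses described above, a token that stays valid after use and a token handed out before login that is accepted for a logged-in user, are what session binding and single-use checks are meant to stop. The following is an added example, not PayPal's code and not the researcher's; the `CsrfTokens` class and the session identifiers are hypothetical, and the page does not say how PayPal implemented its fix.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed demo key; a real service keeps this secret


class CsrfTokens:
    """Issues CSRF tokens bound to one session and accepts each token once."""

    def __init__(self, key: bytes):
        self._key = key
        self._outstanding = set()  # (session_id, nonce) pairs issued and not yet used

    def _mac(self, session_id: str, nonce: str) -> bytes:
        msg = f"{session_id}|{nonce}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest().encode()

    def issue(self, session_id: str) -> str:
        nonce = secrets.token_hex(16)
        self._outstanding.add((session_id, nonce))
        return f"{nonce}.{self._mac(session_id, nonce).decode()}"

    def verify(self, session_id: str, token: str) -> bool:
        nonce, sep, mac = token.partition(".")
        if not sep:
            return False
        # Session binding: the MAC covers the session id, so a token issued to
        # another session (including an anonymous pre-login one) does not verify.
        if not hmac.compare_digest(mac.encode(), self._mac(session_id, nonce)):
            return False
        # Single use: a token that was already consumed is rejected on replay.
        if (session_id, nonce) not in self._outstanding:
            return False
        self._outstanding.remove((session_id, nonce))
        return True


def demo() -> dict:
    tokens = CsrfTokens(SERVER_KEY)
    anon, user = "sess-anon-001", "sess-user-042"  # constructed session ids
    pre_login = tokens.issue(anon)   # token served by a page before login
    fresh = tokens.issue(user)       # token served inside the user's session
    return {
        "pre_login_token_on_user_session": tokens.verify(user, pre_login),
        "pre_login_token_on_own_session": tokens.verify(anon, pre_login),
        "first_use": tokens.verify(user, fresh),
        "replay": tokens.verify(user, fresh),
    }
```

This assumes the application issues a new session identifier at login, so a token obtained before login is bound to a session the authenticated user no longer has.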
[Update]: A PayPal spokesperson reached out to Wccftech, making it clear that none of the customers were affected by this issue:
"One of our security researchers recently made us aware of a potential way to bypass PayPal's Cross-Site Request Forgery (CSRF) Protection Authorisation System when logging onto PayPal.com. Through the PayPal Bug Bounty program, the researcher reported this to us first and our team worked quickly to fix this potential vulnerability before any of our customers were affected by this issue. We proactively work with security researchers to learn about and stay ahead of potential threats because the security of our customers' accounts is our top concern."
- Details: Yasser H. Ali
Source: https://wccftech.com/paypal-hack-vulnerabilities/
Posted by: franciscompter.blogspot.com
