Go homepage(回首页) Upload pictures (上传图片) Write articles (发文字帖)
The author:(作者)归海一刀published in(发表于) 2014/2/17 8:10:22 Taobao and Alipay exposed serious vulnerabilities: no password free login
Taobao and Alipay exposed serious vulnerabilities: vulnerabilities without any login password-Taobao, Alipay vulnerability balances treasure holes, no password to log on Taobao, Taobao, Alipay, Po-IT balance information Taobao and Alipay exposed serious vulnerabilities: no password free login
Some time ago, a " PayPal associated bank card, what happens if your phone is lost " the news has caused many users to hot, everyone showed great concern over PayPal Security. However, Alipay to deny this possibility is mentioned in the news. Although a farce, but netizens Taobao and Alipay security concerns are evident.
This afternoon, the renowned vulnerability reporting platform issued an urgent warning that the clouds, Taobao and Alipay cross-certification to be a security flaw, hackers can easily exploit this vulnerability landed someone else operates Taobao and Alipay account, it is not clear whether the balance of businesses such as Bao, storm clouds have submit the vulnerability details to manufacturers, progress and sustained attention to the vulnerabilities, and draw your attention to account security.
Cloud information indicates that the vulnerability was submitted just recently, not described in detail, saying only that it was a design flaw, a logic error, by virtue of it can be found at any Taobao, Alipay account against high level. Vulnerability details have been notified to the manufacturer and waiting for later processing. Taobao not yet responded.
In addition, the editor also found that prior to this vulnerability report, there is a vulnerability report on Taobao, along with this vulnerability is similar.
The author describes this vulnerability as " through a search engine, no account number, password, direct access to the privacy of users (account balances, transactions, address, name, phone number and other sensitive information) ".
Dark cloud official micro-blog, we also find this afternoon, its bursts of two Tweet early warning, it can be seen that the vulnerability is serious indeed.
On the Web, users have been enthusiastic to discuss the incident, some netizens even already use this to login online account and screenshots to prove it.
It can be seen that if the loophole were true, it would be very dangerous and may compromise the user's money was safe.
Until now, many users are still testing the authenticity of vulnerability. According to information IT small make up the latest observations, many users have indicated that this is the case.
As of press time, Taobao also has no response.
淘宝和支付宝被曝严重漏洞:无密码任意登录 - 淘宝漏洞,支付宝漏洞,余额宝漏洞,淘宝无密码登录,淘宝,支付宝,余额宝 - IT资讯淘宝和支付宝被曝严重漏洞:无密码任意登录
前一段时间,一则“支付宝关联银行卡,如果手机丢了会发生什么”的新闻引起了众多网友热议,大家对支付宝的安全性表示出极大的担心。不过,后来支付宝方面出面否认了这则新闻中所提到的可能性。虽是闹剧一场,但是网友对淘宝与支付宝安全性的担忧却可见一斑。
今天下午,国内著名的漏洞报告平台乌云发布紧急预警称,淘宝和支付宝认证被爆存在安全缺陷,黑客可以简单利用该漏洞登陆他人淘宝/支付宝账号进行操作,目前不清楚是否影响余额宝等业务,乌云已经将漏洞细节提交至厂商,并且会持续关注该漏洞进展,请大家注意帐号安全。
乌云网信息表明,该漏洞是近日刚刚提交的,没有详细描述,只说这是个设计缺陷、逻辑错误,凭借它可登陆任何淘宝、支付宝账户,危害等级高。漏洞细节已经通知给厂商并等待后续处理。淘宝方面暂未回应。
此外,小编还发现,在此漏洞报告之前,还有一个关于淘宝的漏洞报告,内容大致与此漏洞类似。
作者将该漏洞描述为“通过搜索引擎、不用账号、密码,可直接获取用户的隐私(账户余额、交易记录、收货地址、姓名手机号码等敏感信息) ”。
在乌云官方微博,我们也发现今天下午其连发两条微博预警,由此可见该漏洞的确很严重。
而在网络上,已有用户在热烈讨论该事件,有网友甚至已经利用该漏洞登陆了几个淘宝账户并截图证明。
由此可见,如果漏洞属实,那将是非常危险的,可能会威胁用户的资金安全。
直到目前,不少网友仍在试验该漏洞的真实性。根据IT资讯小编最新的观察,不少网友已表示情况属实。
截止发稿时,淘宝方面还未有回应。
赞