Computerbild discloses security loophole at eBay

Wednesday, 14 May 2003, 12:32 PM EST

A loophole remains open in the security system of the eBay online auction house according to reports by Europe’s largest computer magazine COMPUTERBILD and the television channel SAT.1/N 24. Without leaving a trace, hackers can slip through the loophole and bid at auctions using member names or evaluate other members.

They gain unauthorized access by answering the so-called password question. Upon initial registration, each eBay user selects a question to which only he knows the answer. If the eBay user has forgotten his password he can create a new one after answering the question which is freely accessible to every internet user. However, even without changing the password users can bid and evaluate other members with a simple mouse click on a particular menu button, since they are registered automatically in the eBay system after answering the password question.

In this way, hackers get to the "secret" answers: unfortunately, many eBay members worldwide are careless with their personal data. On their individual eBay pages (so-called "Me" pages) they leave information in which the answer to the password question can be found. A dozen times and in a matter of minutes, a hacker demonstrated to the COMPUTERBILD magazine how easy it is to crack members’ accounts. He could have auctioned goods worth several million euro without any trouble at all.

[ Read more ]

Related items




Spotlight

Windows 0-day exploited in ongoing attacks, temporary workarounds offered

Posted on 22 October 2014.  |  Microsoft is warning users about a new Windows zero-day vulnerability that is being actively exploited in the wild and is primarily a risk to users on servers and workstations that open documents with embedded OLE objects.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //