Following the recent disclosure of the eBay hack, which affected up to 145 million users and was the 2nd largest in history, the company now faces another setback.
A cross-site scripting (XSS) vulnerability was discovered in the eBay labs page, and another exploit was found that allowed a user to upload a shell via the Flash upload page. However, these exploits have now been fixed.
After the hack, eBay asked its users to reset all their passwords. When users tried to set stronger, random passwords from a password generator, they were surprised to see that these stronger, high-entropy passwords were red-flagged and deemed weak, while the system was accepting the world's most commonly used passwords, which the company itself explicitly marked as unacceptable.
The trouble seems to be growing for eBay. Last week it was also hit by Google, and about 80% of its search traffic vanished.