A flaw in the web platform of Fiserv Inc., a technology services provider for financial institutions, reportedly exposed personal and financial account information on hundreds of bank websites. The vulnerability was discovered within its one-way messaging feature.
Javvad Malik, Security Advocate at AlienVault:
“This appears to be the case of oversight in the application development and testing phase. Being able to change a value in the URL to gain access to other accounts is a well-documented security flaw that should be avoided. Knowing of this vulnerability, it would have been trivial for an attacker to write a script that would automatically change the URL and harvest many customers' details.
It goes to highlight that small errors can slip through, even for large companies that are well-versed in security. It’s good to see Fiserv was able to respond and create a patch in a timely manner.”
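The flaw class described in the comment above, a record fetched by an identifier taken from the URL without checking who is asking, is shown here beside the server-side ownership check that closes it. This is an added example, not Fiserv's code; the alert store, function names, customers and IDs are hypothetical and constructed.

```python
# Added illustration; every name and record here is hypothetical, constructed sample data.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Alert:
    alert_id: int      # sequential identifier carried in the URL
    owner: str         # customer the alert belongs to
    body: str


# Constructed sample store: IDs are sequential, so neighbours belong to other customers.
ALERTS = {
    1001: Alert(1001, "alice", "Transfer to account ending 4821 completed"),
    1002: Alert(1002, "bob", "Low balance on account ending 7719"),
    1003: Alert(1003, "alice", "Password changed"),
}


def get_alert_unchecked(session_user: str, alert_id: int) -> Optional[Alert]:
    """Flawed pattern: the ID from the URL is the only thing consulted."""
    return ALERTS.get(alert_id)


def get_alert_checked(session_user: str, alert_id: int) -> Optional[Alert]:
    """Corrected pattern: the record must belong to the authenticated session.

    A missing record and someone else's record return the same result, so the
    response does not confirm which IDs exist.
    """
    alert = ALERTS.get(alert_id)
    if alert is None or alert.owner != session_user:
        return None
    return alert


def visible_ids(lookup, session_user: str, id_range: range) -> list[int]:
    """Regression check: which IDs in a range does one session get data for?"""
    return [i for i in id_range if lookup(session_user, i) is not None]


if __name__ == "__main__":
    ids = range(1000, 1005)
    print("unchecked:", visible_ids(get_alert_unchecked, "alice", ids))
    print("checked:  ", visible_ids(get_alert_checked, "alice", ids))
```

A check like `visible_ids` belongs in the test suite for every endpoint that takes a record identifier from the request, run once per test account.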
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.