« SUN Fixes GIFARs | Main | FireFox 3.0.5 fixes three critical security flaws »

American Express web bug exposes card holders

"A glaring vulnerability on the American Express website has unnecessarily put visitors at risk for more than two weeks and violates industry regulations governing credit card companies, a security researcher says.

Among other things, the cross-site scripting (XSS) error on americanexpress.com allows attackers to steal users' authentication cookies, which are used to validate American Express customers after they enter their login credentials. Depending on how the website is designed, miscreants could use the cookies to access customer account sections, said Russ McRee of the Holistic Security blog. A URL demonstrating this weakness is here."

Read more: http://www.theregister.co.uk/2008/12/16/american_express_website_bug/


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!

Not fixed yet.