API Threat Research: SSRF on FinTech Platforms

Salt Security researchers discovered a server-side request forgery (SSRF) vulnerability in an API embedded in many FinTech platform banking systems, which could potentially have compromised millions of bank accounts.

Attackers exploiting the flaw could have gained administrative access to the banking system, leaked users' personal data, accessed banking data and financial transactions, and made unauthorised fund transfers to their own bank accounts.