API Threat Research: SSRF on FinTech Platforms

07/04/2022

Salt Security researchers discovered a server-side request forgery (SSFR) vulnerability in an API embedded in many FinTech platform banking systems, which could potentially have compromised millions of bank accounts.

The attackers could have gained administrative access to the banking system, leaked users' personal data, accessed banking data and financial transactions and made unauthorised fund transfers to their own bank accounts.

References

07/04/2022

salt.security

API Threat Research: Server-side Request Forgery on FinTech Platform Enabled Administrative Account Takeover
07/04/2022

threatpost.com

SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts
07/04/2022

thecybersecurity.nwes

SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts
08/04/2022

oodaloop.com

SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts
07/04/2022

infosectoday.com

SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts
07/04/2022

websecurity.agency

Falla de SSRF en plataforma Fintech permitida para compromiso de cuentas bancarias

Etiquetas