Authentication Flaw in PayPal mobile API Allows Access to Blocked Accounts

Payment services provider PayPal is vulnerable to an authentication restriction bypass vulnerability, which could allow an attacker to bypass a filter or restriction of the online-service to get unauthorized access to a blocked users’ PayPal account.



The security vulnerability actually resides in the mobile API authentication procedure of the PayPal online-service, which doesn’t check for