SSRF Vulnerability in Fintech Platform Allows Compromised Bank Accounts

17
SSRF Vulnerability in Fintech Platform Allows Compromised Bank Accounts-01

Researchers uncovered a flaw in an API that is already incorporated into numerous bank systems, which might have allowed attackers to steal millions of dollars from consumers.

According to experts, a Server-side Request Forgery (SSRF) bug in an API of a prominent financial technology platform could have compromised millions of bank users, allowing attackers to swindle individuals by managing their bank accounts and funds.

Salt Security Labs discovered the flaw in an API on a web page that enables the organization’s platform fund transfer capability, which allows clients to transfer money from their platform accounts to their bank accounts, according to a study released Thursday.

Read More: https://threatpost.com/ssrf-flaw-fintech-bank-accounts/179247/