A glaring vulnerability on the American Express website has unnecessarily put visitors at risk for more than two weeks and violates industry regulations governing credit card companies, a security researcher says.
Among other things, the cross-site scripting (XSS) error on americanexpress.com allows attackers to steal users' authentication cookies, which are used to validate American Express customers after they enter their login credentials.
No comments:
Post a Comment