Ten banks had XSS vulnerability – update




A security researcher has found an XSS vulnerability on the sites of ten banks, including ING, Rabobank and ABN Amro. It allowed attackers to inject their own malicious forms into the banks' websites. The problem has now been resolved.

Besides ING, Rabobank and ABN Amro, the websites of Binck, Alex, ASN, Knab, SNS, Triodos and the Belgian Van Lanschot site also suffered from the cross-site scripting issue, says researcher Wouter van Dongen of DongIT. "They were for the most part in Flash files," he told Tweakers.

The XSS vulnerabilities were in the front pages of the banking sites. An attacker could exploit the issue to inject their own code into the site, but would first have to tempt potential victims into clicking a link. The technique could be used, among other things, in phishing e-mails. Users are often told to check the URL of the site. In this case the URL would be correct, while the attacker could still inject their own code.

Van Dongen made a proof of concept that makes the HTML elements on the banking sites shake. "I have deliberately not put my own forms on the banking sites," says Van Dongen. Meanwhile, the banks have solved the security problem.

ING spokesman Ronald van Buuren confirms Van Dongen's findings. "We were approached in November, and the security issue was then resolved fairly quickly," says Van Buuren. How quickly the problem was solved is not known. Van Buuren says he is happy with the help of researchers and Van Dongen. Rabobank spokeswoman Margo van Wijgerden also confirms the leak. According to her, it was a relatively small problem.

Update, 20:57: Rabobank's reaction added.

