


Vulnerability Development: Re: Vuln in Verisign PayFlow Link payment service

Re: Vuln in Verisign PayFlow Link payment service

From: Keith Royster <keith_at_homebrew.com>
Date: Thu, 3 Jan 2002 22:08:25 -0500

> Perhaps a fix for VeriSign would be to passback a secret code (configurable
> through the PayFlow Link admin panel) that does not originate from a cart
> input value, but is stored and sent from PayFlow. Then a simple 'if'
> statement in the cart software could weed out the bad along with an e-mail
> sent to the admin.

I suggested this very idea to Verisign when I initially contacted them. My
suggestion was to use the account password as the 'secret code' (perhaps
encrypted?), but any shared secret would do as long as it is only passed
directly from Verisign back to the shopping cart app.
Received on Jan 04 2002
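
The shared-secret check discussed in this message, sketched as an added example (not code from the post, from Verisign, or from any cart product). The field names "secret", "order_id", "amount" and "tag" and the secret value are assumptions made up for illustration; the HMAC variant goes beyond the static code described above by binding the secret to the order fields, so the secret itself never travels in the passback.

```python
import hashlib
import hmac

# Constructed value: configured once at the gateway and in the cart,
# never taken from a cart form input.
SHARED_SECRET = b"constructed-example-secret"

def check_static_secret(post: dict) -> bool:
    """The 'simple if': accept only a passback carrying the shared secret."""
    supplied = str(post.get("secret", "")).encode()
    # compare_digest does not reveal how many leading bytes matched
    return hmac.compare_digest(supplied, SHARED_SECRET)

def order_tag(order_id: str, amount: str) -> str:
    """HMAC-SHA256 over the order fields, keyed with the shared secret."""
    msg = f"{order_id}|{amount}".encode()
    return hmac.new(SHARED_SECRET, msg, hashlib.sha256).hexdigest()

def check_order_tag(post: dict) -> bool:
    """Variant: the gateway sends a tag over the fields instead of the secret."""
    expected = order_tag(str(post.get("order_id", "")), str(post.get("amount", "")))
    supplied = str(post.get("tag", ""))
    return hmac.compare_digest(supplied.encode(), expected.encode())

def handle_passback(post: dict, alerts: list, verify=check_static_secret) -> bool:
    """Mark the order paid only if verification passes; otherwise queue an
    alert for the admin (a list stands in for the e-mail here)."""
    if verify(post):
        return True
    alerts.append(f"rejected passback for order {post.get('order_id', '?')}")
    return False

if __name__ == "__main__":
    alerts = []
    # Constructed sample passbacks
    genuine = {"order_id": "1001", "amount": "49.95",
               "secret": "constructed-example-secret"}
    forged = {"order_id": "1002", "amount": "49.95"}
    print(handle_passback(genuine, alerts), handle_passback(forged, alerts))
    print(alerts)
```

With the static code, any passback that carries the right secret is accepted regardless of its other fields; the tag variant also rejects a passback whose amount was changed after the tag was computed.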
