API Threat Research: SSRF on FinTech Platforms
Salt Security researchers discovered a server-side request forgery (SSRF) vulnerability in an API embedded in the banking systems of many FinTech platforms, which could potentially have compromised millions of bank accounts.
An attacker could have gained administrative access to the banking system, leaked users' personal data, accessed banking data and financial transactions, and made unauthorised fund transfers to their own bank accounts.
References:
- 07/04/2022 salt.security API Threat Research: Server-side Request Forgery on FinTech Platform Enabled Administrative Account Takeover
- 07/04/2022 threatpost.com SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts
- 07/04/2022 thecybersecurity.nwes SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts
- 08/04/2022 oodaloop.com SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts
- 07/04/2022 infosectoday.com SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts
- 07/04/2022 websecurity.agency SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts