Coinbase Discloses Password Vulnerability Affecting 3,420 Users


Despite the ridicule that modern tech companies face over plain-text passwords, and despite better intentions, company-side mistakes can still lead to security vulnerabilities.

On August 16th, a Coinbase blog post detailed a bug related to internal server logs. The bug was reportedly found internally by the Coinbase team.

As described in the blog post, the website would occasionally fail to load properly when a new account was registered. This resulted in an unsuccessful registration for the end user, meaning that the unsuccessful attempt was recorded in server logs as plain text. However, if a user refreshed the page and attempted to use the same password, the password would have been successfully matched with the hash in the unsuccessful attempt. This means that the individual credentials for malicious purposes.

Coinbase further noted that device verification emails and mandatory two-factor authentication (2FA) would have been triggered should a password have been used; however, the company is either declining or forgetting to mention the cybersecurity issue of password reuse. Affected customers who had attempted to register with the same password as their email account would have been more susceptible to personal attack, increasing the severity of the glitch.

Coinbase assured that no information was accessed, and affected users are to change their passwords as a precaution.

As those affected make up an infinitesimal fraction of Coinbase users, the glitch is not considered to be consequential. Even so, this bug serves as a caution to companies handling sensitive credentials. While the stored credentials may be secure, the information captured from the end user must be examined with the utmost scrutiny to ensure nothing is picked up in the registration process.
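One way to keep a failed registration from writing the submitted password to server logs is to scrub log arguments before any handler formats them. This is an added example, not Coinbase's code; the field names, logger name and sample form data are assumptions constructed for illustration.

```python
import logging

# Field names treated as secret; an assumed list for this example.
SENSITIVE_KEYS = {"password", "password_confirmation", "passwd", "secret", "token"}
REDACTED = "[REDACTED]"

def scrub(value):
    """Return a copy of value with sensitive dict entries masked, recursing into containers."""
    if isinstance(value, dict):
        return {k: REDACTED if str(k).lower() in SENSITIVE_KEYS else scrub(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [scrub(v) for v in value]
    if isinstance(value, tuple):
        return tuple(scrub(v) for v in value)
    return value

class RedactingFilter(logging.Filter):
    """Scrub record arguments; the caller's original objects are left unmodified."""
    def filter(self, record):
        # logging unwraps a single dict argument, so args may be a dict or a tuple.
        if isinstance(record.args, (dict, tuple)):
            record.args = scrub(record.args)
        return True

class ListHandler(logging.Handler):
    """Collects formatted lines in memory so the result can be inspected."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(self.format(record))

def demo():
    handler = ListHandler()
    handler.addFilter(RedactingFilter())  # runs before emit() formats the record
    log = logging.getLogger("signup_demo")  # hypothetical logger name
    log.handlers = [handler]
    log.propagate = False
    # Constructed sample of form state captured on a failed registration.
    form = {"email": "user@example.test", "password": "constructed-pw-123",
            "profile": {"name": "A User", "token": "abc"}}
    log.error("registration failed, form state: %s", form)
    return handler.lines[0], form

if __name__ == "__main__":
    print(demo()[0])
```

The filter only sees structured arguments; a password already interpolated into the message string before the logging call passes through untouched, so error paths should log the form object rather than a pre-built string.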
