DX.Exchange, a crypto-based asset trading platform, has lately made positive noise in the news cycle because of its January 7th launch. The exchange has been marketed as the platform that will bridge the gap between cryptocurrencies and real stocks, as investors can buy tokenised versions of Apple and Facebook, plus some of the most popular cryptocurrencies like Bitcoin, Ethereum, XRP, Litecoin or Bitcoin Cash.
Just a couple of days after the launch, the tone seems to have soured: the technology site ArsTechnica reported that the platform suffers from major security problems.
The problems were exposed by an online trader who decided to do his due diligence and check the security of the DX.Exchange website. After creating a dummy account and inspecting the website with the help of Google Chrome's developer tools, the trader noticed several vulnerabilities that could have caused serious leaks of account login credentials and personal user information.
The vulnerability is explained as an authentication token problem: every time the browser sent one of these tokens (required to access your account) to the exchange website, the website returned "all sorts of extraneous data." The trader realized that this data was extremely sensitive, including the authentication tokens of other users and also password reset links. A malicious user could use this data to gain unauthorized access to the leaked accounts.
"I have about 100 tokens collected in 30 minutes. If I wanted to criminalize it, it would be super easy," explains the trader.
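
The class of flaw described above (a response carrying other users' tokens and reset links) can be caught with a server-side regression check. The following is an added example, not code from DX.Exchange or the ArsTechnica report; the user records, field names, token values and the `exchange.example` URLs are all constructed assumptions.

```python
import json

# Constructed sample records; field names and values are assumptions,
# not DX.Exchange's real schema.
USERS = {
    "alice": {"display_name": "Alice", "balance": "1.50",
              "auth_token": "tok-alice-constructed-0001",
              "reset_link": "https://exchange.example/reset/constructed-a"},
    "bob": {"display_name": "Bob", "balance": "0.25",
            "auth_token": "tok-bob-constructed-0002",
            "reset_link": "https://exchange.example/reset/constructed-b"},
}

# Only these fields may ever leave the server in a profile response.
RESPONSE_FIELDS = ("display_name", "balance")
SECRET_FIELDS = ("auth_token", "reset_link")


def leaky_response(caller):
    """Flawed pattern: serialize whole backend records, for every user."""
    return json.dumps({"me": caller, "users": USERS})


def scoped_response(caller):
    """Hardened pattern: the caller's record only, filtered by an allowlist."""
    record = USERS[caller]
    profile = {field: record[field] for field in RESPONSE_FIELDS}
    return json.dumps({"me": caller, "profile": profile})


def foreign_secrets(body, caller):
    """Return (user, field) pairs for other users' secrets found in a body."""
    found = []
    for user, record in USERS.items():
        if user == caller:
            continue
        for field in SECRET_FIELDS:
            if record[field] in body:
                found.append((user, field))
    return sorted(found)


if __name__ == "__main__":
    for build in (leaky_response, scoped_response):
        print(build.__name__, foreign_secrets(build("alice"), "alice"))
```

Run as part of an API test suite, a check like `foreign_secrets` fails the build whenever a handler starts returning another account's secrets.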
The security issues did not stop there, as the leaked data apparently contained tokens belonging to website employees. If someone had gained access to this information, they could easily have logged in to the DX.Exchange website with administrative privileges. Once logged in this way, the hacker could "download entire databases, seed the site with malware and maybe even transfer funds from user accounts."
The exchange has since responded, confirming that the problem has been recognized and resolved.
However, the exchange seems to be plagued by early-launch problems and bugs that could endanger the private information and funds of its users.
See the full ArsTechnica report.
The writers and authors of CaptainAltcoin may or may not have a personal interest in any of the projects and activities mentioned. None of the content on CaptainAltcoin is investment advice, nor does it replace the advice of a certified financial planner.
The opinions expressed in this article are those of the author and do not necessarily reflect the official policy or position of CaptainAltcoin.com.