Australian web application pentester Shubham Shah says he has identified a flaw in the Bitcoin wallet service Coinbase that can be leveraged by cybercriminals to obtain information that can be used in targeted phishing campaigns.
The issue exists because Coinbase allows customers to send unlimited money requests. The expert has found that if he sends a specially crafted request that contains the email address of the targeted individual and the attackers cookie in the Cookie HTTP header…
Comments are closed.
