Five months after Ameriprise Financial fixed a bug that could have helped
criminals steal user authentication credentials, the financial giant’s website
is vulnerable again.

The flaw looks almost identical to one The Register reported in August. It
allows attackers to inject malicious code into official Ameriprise webpages that
steals user cookies. Websites often use such files to authenticate users before
giving them access to restricted content or services.


Оставить мнение

Check Also

Ghidra vs IDA Pro. На что способен бесплатный тулкит для реверса, созданный в АНБ

В марте 2019 года Агентство национальной безопасности США (NSA) опубликовало инструментари…