Five months after Ameriprise Financial fixed a bug that could have helped
criminals steal user authentication credentials, the financial giant’s website
is vulnerable again.
The flaw looks almost identical to one The Register reported in August. It
allows attackers to inject malicious code into official Ameriprise webpages that
steals user cookies. Websites often use such files to authenticate users before
giving them access to restricted content or services.