Yandex money vulnerability or how to recover a payment password

Good afternoon, Habr!

I want to tell you a story of how easily and effortlessly it was possible to restore a payment password from Yandex.Money.

Recently, I came across an ad that offered Yandex.Money withdrawal services for a certain percentage, without a payment password. Searching the Internet, I came across a topic that described this method of recovering a payment password.

As you can see, the method was very simple.

I wrote to Yandex support, after which the vulnerability was closed, but I never received a response.

Tags:

vulnerabilities
Yandex

Also popular now:

Multi Window: An Additional Competitive Advantage for Android Applications / Intel Blog
Online stores deliver correctly using DaData.ru / HFLabs Blog
How the transition to the cloud changes the role of the internal IT service / IT-GRAD company blog
Translation of Kingpin. Chapter 34. “DarkMarket”
VPS (KVM) in the Netherlands - E3-1230 (2 Cores) / 3.5GB DDR3 / 120GB SSD / 1Gbps 25TB until the end of the summer is completely FREE / ua-hosting.company Blog
The second life of servers or a few words about refurbished solutions / Server Mall Blog
Obtaining root access to the ONT Sercomm RV6688 by contact closure
A holy place is never empty - Mirantis Unlocked Appliance / Trinity Blog
SHARED.menu - search for shared hosting / VPS.menu's blog
Comparison of voice assistants for declared functions and features (Lexi, Ubi, Ivee, Amazon Echo, Jibo, Cubic)