Yandex money vulnerability or how to recover a payment password


    Good afternoon, Habr!

    I want to tell you a story of how easily and effortlessly it was possible to restore a payment password from Yandex.Money.

    Recently, I came across an ad that offered Yandex.Money withdrawal services for a certain percentage, without a payment password. Searching the Internet, I came across a topic that described this method of recovering a payment password.


    As you can see, the method was very simple.

    I wrote to Yandex support, after which the vulnerability was closed, but I never received a response.

    Also popular now: