Mastercard Internet Gateway Service: Hashing Design Flaw Sep 2017 Yohanes Nugroho

by Yohanes Nugroho Sept. 12, 2017 via tinyhack.com

Last year I found a design error in the MD5 version of the hashing method used by Mastercard Internet Gateway Service. The flaw allows modification of transaction amount. They have awarded me with a bounty for reporting it. This year, they have switched to HMAC-SHA256, but this one also has a flaw (and no response from MasterCard).

http://tinyhack.com/2017/09/05/mastercard-internet-gateway-service-hashing-design-flaw

Avatar
negrii_irina88 3 weeks, 5 days ago

flaws in payment are always good information to share...is sad for me to know that payment gateways are not as secure as they might be ..

Reply