Mastercard Internet Gateway Service: Hashing Design Flaw Sep 2017 Yohanes Nugroho

by Yohanes Nugroho
Sept. 12, 2017 1 comment

Last year I found a design error in the MD5 version of the hashing method used by Mastercard Internet Gateway Service. The flaw allows modification of transaction amount. They have awarded me with a bounty for reporting it. This year, they have switched to HMAC-SHA256, but this one also has a flaw (and no response from MasterCard).

negrii_irina88 5 months, 4 weeks ago

flaws in payment are always good information to sad for me to know that payment gateways are not as secure as they might be ..