Report: Critical Vulnerabilities Leaking User Data Found on DX.Exchange, Patched Later

Estonia-based cryptocurrency and tokenized stock exchange DX.Exchange has reportedly fixed a critical vulnerability that leaked sensitive user data.

Technology news website Ars Technica reported on the security leak Jan. 9, citing an anonymous trader who conducted a security analysis of DX.Exchange.

According to Ars Technica’s article, a trader, who wished to remain anonymous due to legal concerns, noticed that the exchange was sending sensitive data of other users to their browser. After examining the data, the trader reportedly found that it included other users’ authentication tokens and password reset links:

“I have about 100 collected [authentication] tokens over 30 minutes, [...] if you wanted to criminalize this, it would be super easy.”

The authentication tokens were reportedly formatted in the JSON Web Token standard and could be easily decoded with the use of online tools, revealing the full names and email addresses of the exchange’s users.

According to Ars Technica, the trader has explained that…
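The decoding point above, as an added example (not from the original article or from DX.Exchange): the payload of a signed JSON Web Token is only base64url-encoded, so this Python check reads the claims without any key and reports the personal data a token would expose if it leaked. The token, the claim names in `PII_CLAIMS` and all values are constructed for illustration.

```python
import base64
import json
import re

EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
# Assumed claim names that commonly carry personal data (not the exchange's schema).
PII_CLAIMS = {"name", "given_name", "family_name", "email", "phone_number", "address"}


def b64url_decode(segment: str) -> bytes:
    # JWTs strip base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def read_claims(token: str) -> dict:
    """Return the payload of a compact signed JWT. No key is needed to read it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def exposed_pii(token: str) -> dict:
    """Top-level claims that would disclose personal data to anyone holding the token."""
    findings = {}
    for key, value in read_claims(token).items():
        looks_like_email = isinstance(value, str) and EMAIL_RE.fullmatch(value)
        if key.lower() in PII_CLAIMS or looks_like_email:
            findings[key] = value
    return findings


def make_sample_token() -> str:
    """Constructed token with a dummy signature, for illustration only."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": "user-1001", "name": "Alice Example", "email": "alice@example.com"}
    body = [b64url_encode(json.dumps(part).encode()) for part in (header, payload)]
    return ".".join(body + [b64url_encode(b"constructed-signature")])


if __name__ == "__main__":
    print(exposed_pii(make_sample_token()))
```

Running a check like this over tokens before release shows which claims should be replaced with an opaque subject identifier and looked up server-side instead.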
