Dx.Exchange.png

Estonian capturadora platform DX.Exchange, which this week started to offer customers the opportunity to invest in cryptocurrency stocks of technology companies, start with the critical vulnerabilities that pose a threat of leakage of confidential user information. On this edition of Ars Technica after conducting its own analysis of the security data said an anonymous trader.

So, according to him, he was able to get the authentication tokens of other users of ciptofloxacin along with links needed to restore the passwords to their accounts. For half an hour the trader became available 100 tokens JSON Web Tokens, which allows to extract full names and email addresses of customers and use them to access accounts if their owners are not out at the end of the session.

In addition, he found ways to penetrate into accounts and after logging the user out of the system, and through staff profiles site with administrative rights – get the full database with information about customers, the ability to introduce a malware and withdraw funds from their accounts.

Ars Technica conducted an additional test called the vulnerabilities and reported them to the staff DX.Exchange has taken steps to address them.

Recall that DX.The Exchange was created based on the technology exchange giant Nasdaq. Used on the platform of a standard Protocol allows messages to support trade through the API, so the platform can be easily integrated with market-makers, liquidity providers and algorithmic traders and hedge funds.

Source