Yahoo! has offered $24,000 to
a security researcher for finding out and reporting three critical
security vulnerabilities in its products including Yahoo! Stores and
While testing all the company's application, Mark Litchfield,
a bug bounty hunter who often works with different companies,
discovered three critical vulnerabilities in Yahoo!'s products. All the
three vulnerabilities have now been fixed by Yahoo!
THREE CRITICAL SECURITY VULNERABILITIES
The first and most critical vulnerability gives hackers full administrator access to Yahoo!'s e-commerce platform,Yahoo! Small Business, a portal that allows small business owners to create their own web stores through Yahoo! and sell merchandise.
BUG ALLOWS FREE SHOPPING
Beside allowing hackers full admin access to the web stores, the vulnerability could also leverage an attacker to rig a user-run eCommerce web store to let them shop for free, or at a huge discount, Litchfield claimed.
'ON DEMAND PASSWORD'
At recent SXSW session, Yahoo! launched 'on-demand passwords,' which it says will eliminate the need for you to ever remember your email password. Whenever you need it, the company will send you a OTP (one time password) via SMS to your mobile phone.
It's sort of two-factor authentication—without the first factor involved, as there is no need of any log-in password to enter by a user. In order to opt-in for the feature follow some simple steps:
- Sign in to your Yahoo email account.
- Click on your name at the top right corner to access your account information page.
- Choose Security in the sidebar.
- Click on the slider for on-demand passwords, in order to opt-in.
- Enter your phone number and Yahoo will send you a verification code.
- Enter the code.