Bugtraq mailing list archives
Re: verisign payment site backdoor ?
From: redwood () visualjourneys com (Nojan Moshiri)
Date: Fri, 8 Feb 2002 09:08:49 -0800 (PST)
Is this a function of Verisign or a function of Address Verification (AVS) on the credit card side. Credit Card companies use the digits of your stress address and your zip to validate billing. This may be true for US citizens only based on verisign's CC verification company. If would be good to try five zeros with a US based credit card. If AVS is being properly used it should no go through. On Thu, 7 Feb 2002, Andrej Todosic wrote:
Hello, so i had today a little adventure with verisign about paying some domains. When you go on their secure site and enter payment information, they now require a security check The security check consists of entering a billing address postal code. Without this the payment wouldnt work. After verifying several times witht hem on the phoen ( their system wont accept a canadian postal code). They told me just to put 5 zeros. The payment went through. I also seem to vaguely remember a mention of it somewhere in the payment confirmation screen. My question is: they gave it to me, so they know very well it exists, but what security do they have if they have a backdoor like this, and what is the point of extra precautions when you publicly tell everyone to use zeros if nothing else works. I dont know if this should be made into a big thing, but i certainly dont feel comfortable with these guys having my CC number. Comments or opinions are welcome. Andrej
Current thread:
- verisign payment site backdoor ? Andrej Todosic (Feb 08)
- Re: verisign payment site backdoor ? Nojan Moshiri (Feb 10)