- From: RomanKaliupin <notifications@github.com>
- Date: Tue, 08 Dec 2020 06:26:16 -0800
- To: w3c/payment-handler <payment-handler@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 8 December 2020 14:26:28 UTC
Hello,

An issue in security was found. The case:

1. The user installed the **https://evil.com/** Payment App, which has the payment instrument basic-credit (like in bobpay).
2. The user opened a website with a Payment Request which supports **basic-credit** payment methods.
3. The user is able to select the **https://evil.com/** payment app and enter sensitive data, which can be stolen since **evil.com** supports the basic-credit instrument.

It was also found that you planned to implement a solution which will help in troubleshooting this bug: https://github.com/w3c/payment-request/issues/815 but it is still in the To-Do list.

Is it possible to somehow fix this security issue?

Best,
Roman.

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-handler/issues/379