PT-2021-5137 — Improper Authorization in Mastercard+1 Mastercard Tokenisation Service+1

PT-2021-5137 · Mastercard+1 · Mastercard Tokenisation Service+1

Published

2021-03-01

Updated

2021-03-01

CVSS v2.0

4.9

Medium

Vector

AV:L/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions MasterCard Tokenisation Service (MDES) (affected versions not specified)

Description The issue is related to the exploitation of weaknesses in the GPay/MasterCard pair, potentially allowing an attacker to clone transactions and make payments exceeding the Tap & Go limits.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285

Related Identifiers

BDU:2021-05931

Affected Products

Gpay

Mastercard Tokenisation Service

PT-2021-5137 · Mastercard+1 · Mastercard Tokenisation Service+1

Weakness Enumeration

Related Identifiers

Affected Products

References · 1