Catalin Cimpanu reports:
Dutch IT security expert Sijmen Ruwhof has found a pretty big blunder on the part of Danske Bank, Denmark’s biggest bank, which exposed sensitive user session information in the form of an encoded data dump, in their banking portal’s JavaScript files.
Mr. Ruwhof started to research Danish banking policies out of curiosity, after attending a security conference in Germany, where some of his friends discussed the sad state of security policies for Danish banks.
After spending less than a few minutes on the site of Danske Bank, Denmark’s largest bank, Mr. Ruwhof was able to identify a pretty critical security problem, which he found in the JavaScript files delivered when accessing the banking portal’s login screen.
Read more on Softpedia.
See Ruwhof’s blog post about his discovery here.