Another authentication flaw affects PayPal mobile API, an attacker exploiting it could gain access to Blocked Accounts. The authentication restriction bypass vulnerability, resides in the mobile API authentication procedure of the PayPal online-service. Even if the access to the account has been restricted by PayPal, the user simply switching to a mobile device is able to complete the authentication procedure without restrictions. The security risk of the auth bypass restriction vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 6.2.”]
Source: http://securityaffairs.co/wordpress/29104/hacking/authentication-vulnerability-paypal-mobile.html