PayPal patched a hole in its Manager functionality this week that could have made it easy for an attacker to hijack an admin s account, change their password and steal their personal information. Manager is a feature of the service that allows users to manage their Payflow account. Mark Litchfield, an IT consultant who discovered the hack posted a detailed explanation of it (.PDF) on his pen testing site, Securatary, late Wednesday. The hack will qualify for a PayPal bug bounty program as it exposed a essentially slew of personal information and gives us access to cash register
Source: https://threatpost.com/paypal-fixes-serious-account-hijacking-bug-in-manager/106117/