Authentication Bypass Flaw Fixed in Volksbank’s ZU Application

An authentication bypass vulnerability that existed in German Volksbank bank’s online Zinsuniversum (ZU) system has been fixed.

A researcher from the Vulnerability Lab discovered the critical flaw in the bank’s website portal back in February 2011 and the financial institution responded and fixed the issue at an unknown time during the same year.

On January 20, 2012, the security experts publicly disclosed the hole that could have been exploited by a remote attacker to bypass the login form without being authorized.

By relying on the weakness, a cybercriminal could have compromised the application’s database management system to steal account details and passwords.

Zins-Universum, translated as interest universe, is a valuation tool designed for structured products, giving customers the opportunity to create their own portfolios.