The critical flaw could have given an attacker access to the DBMS

Jan 20, 2012 19:21 GMT  ·  By

An authentication bypass vulnerability that existed in German Volksbank bank’s online Zinsuniversum (ZU) system has been fixed.

A researcher from the Vulnerability Lab discovered the critical flaw in the bank’s website portal back in February 2011 and the financial institution responded and fixed the issue at an unknown time during the same year.

On January 20, 2012, the security experts publicly disclosed the hole that could have been exploited by a remote attacker to bypass the login form without being authorized.

By relying on the weakness, a cybercriminal could have compromised the application’s database management system to steal account details and passwords.

Zins-Universum, translated as interest universe, is a valuation tool designed for structured products, giving customers the opportunity to create their own portfolios.