Forum OpenACS Q&A: Response to Bugtraq: verisign payment site backdoor ?

Collapse
Posted by Jade Rubick on
A followup posting:
Date: Fri, 8 Feb 2002 09:08:49 -0800 (PST)
From: Nojan Moshiri 
Reply-To: redwood@linex.com
To: Andrej Todosic 
Cc: "'bugtraq@securityfocus.com'" 
Subject: Re: verisign payment site backdoor ?


Is this a function of Verisign or a function of Address Verification
(AVS) on the credit card side.  Credit Card companies use the digits
of your stress address and your zip to validate billing.  This may
be true for US citizens only based on verisign's CC verification
company.

If would be good to try five zeros with a US based credit card. If AVS
is being properly used it should no go through.