Recently, a netizen announced the serious loopholes in the official wechat payment SDK in the foreign security community. What's the matter? Once the attacker obtains the key, he can buy anything for zero yuan, which is terrible.
This vulnerability can invade the merchant server. Once the attacker obtains the merchant's key security key, he can cheat the merchant by sending forged information without paying for anything.
The user also exposed a screenshot of how to use the loophole for consumption, and demonstrated the use of vivo and Momo. Using this loophole, hackers can buy goods and have the risk of disclosing user information.
At present, wechat payment has not released relevant security announcements. Tencent said that the wechat payment technology security team has paid attention to and checked for the first time, and updated the SDK vulnerability on the official website, fixed the known security vulnerability, and hereby reminded the merchants to update in time.