Citibank: Forcing Users To Use A Vulnerable Java For Browsers

Citibank CitiDirect users, please be advised that the company is forcing the use of a vulnerable version of the Java Runtime that is embedded in internet browsers.

To view this vulnerability and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

clipped from www.criticalwatch.com
CitiDirect-SA-07/07/2010: Citibank CitiDirect – forced usage of vulnerable version of Java Runtime Environment

CitiDirect requires the Java Runtime Environment (JRE) installed on the client’s
computer and the Java plugin enabled in the client’s browser. But it requires a
“supported version” of Java, a list of which often does not include the
latest version for months after release:

Users of an unsupported version of JRE are denied access to online banking
– “The version of Sun Java™ software currently installed on your
computer does not meet the requirements to run CitiDirect® Online Banking”.

Impact of vulnerability

Users are forced to use in a browser a version of the JRE plugin that is
vulnerable to publicly known vulnerabilities, with publicly available
exploits.

Also, users are trained to ignore notifications from Java about new
versions, as installing it denies them access to their money. It makes
them vulnerable permanently.