China Merchants Bank exposed serious vulnerabilities: personal information can be modified to blame server cache

articleweek

China Merchants Bank exposed serious vulnerabilities: personal information can be modified to blame server cache

"Private silver" public number, the day before yesterday zero issued a "sudden"! "China Merchants Bank online banking serious loophole"

How terrible is the flaw?

Members of the China Merchants Bank customers stand firm!

In China Merchants Bank online banking, you can view other customers' information! And change it!

That is to say, you stay in the Bank of China's information, may also be others see light! Change light!

(information includes complete sex, e-mail address, permanent address, unit name, unit address, unit postal code, unit phone, and part of the reserved bank mobile phone number.)

China Merchants Bank exposed serious vulnerabilities: personal information can be modified to blame server cache

Call the Bank of China Merchants Bank, the bank will make you and other users wrong, and then you enter the three password, you can lock someone else's Bank card!

That is to say, your bank card may be inexplicably locked by someone else.

China Merchants Bank exposed serious vulnerabilities: personal information can be modified to blame server cache

As a former bank, and now the China Merchants Bank card customers (this is my salary card ah), the female driver scared the article did not finish, go to check their balance and personal information!

China Merchants Bank exposed serious vulnerabilities: personal information can be modified to blame server cache

It's an exaggeration for banks to have such terrible user information leaks!

But what is more terrible is the attitude of the bank to the matter!

The CMB is iron heart, going to trivialize ones, remain silent, put things down!

China Merchants Bank exposed serious vulnerabilities: personal information can be modified to blame server cache

Reportedly, China Merchants Bank internal requirements: strictly prohibit internal forwarding, especially in large groups are prohibited forwarding, so as not to click rate expansion! Do a good job of appeasing customers.

China Merchants Bank exposed serious vulnerabilities: personal information can be modified to blame server cache

May 26th incident. Within 24 hours, the China Merchants Bank did not issue any statement, nor did it give any security warning and risk warning to the China Merchants bank.

In the evening of May 27th, China Merchants Bank finally passed micro-blog, issued a note.

Funny is, serious user information leakage and account security problems, the Bank of China with "light" "server transient communication anomaly", "system episodic display cache information" sent.

China Merchants Bank exposed serious vulnerabilities: personal information can be modified to blame server cache

"We are not fools," the netizens said"

China Merchants Bank exposed serious vulnerabilities: personal information can be modified to blame server cache

There is a loud noise

China Merchants Bank exposed serious vulnerabilities: personal information can be modified to blame server cache

A failed crisis dealt with not only the customers, but also the front-line staff who did not know the truth.

China Merchants Bank exposed serious vulnerabilities: personal information can be modified to blame server cache

This time, China Merchants Bank chose to stand in the reputation of the bank, not from the point of view of responsibility.

To protect its reputation, CMB closed information and avoided proliferation, without giving bank clients any risk warnings and security warnings.

Crisis PR is an emergency skill and a social art. But in the end, the most successful public relations crisis is another.

A listed bank, the custody of tens of thousands of user information, the occurrence of such a serious information leakage, customers do not want to appease, not to hide! What the customer wants is the reminder, the truth!

Problems with computer systems can happen to any company. A loophole does not negate the security of a bank's system.

But the choice after the crisis, but can see the vision and responsibility of a senior enterprise.

China Merchants Bank this choice, representing clients in their hearts where the shit (at least not his name).

To tell the truth, such a "high PR policy", we are not doing the Secretary "! What's more, you're just a bank.

China Merchants Bank exposed serious vulnerabilities: personal information can be modified to blame server cache

At the beginning of the article "private silver" account, the author is a senior bank, but also China Merchants Bank customers. He wanted to tell more people about it, so that everybody would be on the alert.

As a result, the author encountered personal threats and human flesh of "Shanghai branch of China Merchants Bank"!

This is called "suiyueruge" of China Merchants Bank, up to a "ask for help".

China Merchants Bank exposed serious vulnerabilities: personal information can be modified to blame server cache

Next, borrow the name of a friend. And then ask for permission to delete the text in an official unquestioned tone.

China Merchants Bank exposed serious vulnerabilities: personal information can be modified to blame server cache

When rejected, the "ask for help" mask says "tear" and "tear"! Began to speak ill of the author......

China Merchants Bank exposed serious vulnerabilities: personal information can be modified to blame server cache

Finally, threatened to find negative reports...

This is not finished, the Chinese merchants still do not give up. Find out the author's picture and show the human flesh author!

Also said China Merchants Bank leadership borrowing power to do evil, will not miss the author! It's hard to lay down such subordinates, and the leaders don't lie on guns

Want to say with this line of clerk: "the system has a loophole can fill, the brain has the loophole to be more troublesome.".

Banks do not want to expose their ugliness, from the media to expose. This is a kind of damage to the image of the bank.

But for more people, this is a fact, a reminder of good will!

When something goes wrong, there is always someone who dares to speak the truth.

I wonder if it will happen today, but some people come to the "female meat driver" and ask me to delete them......

Following is the "private silver" announced the loopholes in the whole process:

May 26th, landing Merchants Bank online banking, access to modify the information page, will jump out of a LU layer exception

China Merchants Bank exposed serious vulnerabilities: personal information can be modified to blame server cache

Then you'll see other user information, complete sex, e-mail address, permanent address, unit name, address, zip code, unit unit telephone, and some hit code reserved bank mobile phone number.

China Merchants Bank exposed serious vulnerabilities: personal information can be modified to blame server cache

The guards are:

You can also modify other people's information!

Yes! Your information can also be modified by others!

More exaggeration is that you can see another person's message again

China Merchants Bank exposed serious vulnerabilities: personal information can be modified to blame server cache

Brush again and see one

China Merchants Bank exposed serious vulnerabilities: personal information can be modified to blame server cache

The old man's retirement was to see man's life and family possessions

China Merchants Bank exposed serious vulnerabilities: personal information can be modified to blame server cache

The telephone bank also made a mistake in customer information channeling

As early as the end of 2016, the CBRC father has been concerned about the China Merchants Bank credit card leaked customer mobile phone number of events. Actually, not a...

China Merchants Bank exposed serious vulnerabilities: personal information can be modified to blame server cache

From 1987 to 2013.

This "full stop" has profound meaning.

China Merchants Bank exposed serious vulnerabilities: personal information can be modified to blame server cache

Write the article, the last thing before going to bed, is the China Merchants Bank this pay card money transferred away. Wait until I trust your server cache is okay.

How many merchants bank teller and financial manager, a hard-earned tears deposit?. That's how you're being your own public swine teammate