Critical security issues have been revealed on the DX.Exchange platform. Representatives of the Estonian company said that they are trying to eliminate the shortcomings as quickly as possible, since activity on the exchange is gradually increasing.
Traders who had only recently registered on the site said that they could easily obtain the authentication tokens of other users. Because of this, the JSON Web Tokens format, which is designed to block logins from multiple addresses for a certain time, has temporarily stopped working.
One of the users also found a way to get into other people's accounts from the admin panel. According to him, the platform's management actually had access to information that should remain hidden. The ability to obtain complete databases of customer information does not match the description in the contract that users confirm during registration.
Ars Technica conducted additional checks and identified several other vulnerabilities related to the trades themselves and to transaction data. Representatives of DX.Exchange noted that the malfunctioning segments are temporarily disabled but will soon return to normal operation. According to Nasdaq management, the problems can be considered shortcomings of the pilot launch of the site, which has been operating for only a few months.