Re: XSS vulnerability on various german online banking sites (sparkasse) - CORRECTION

[Ulrich Keil <ulrich@xxxxxxxxxxxxx>]

Ulrich Keil wrote:
> The "Sparkassen-Finanzgruppe" with a transaction volume of over 3.300 
> billion euro is one of the largest banks for private customers in 
> germany. Many local member-banks of the group use the online banking 
> portal provided by sfze (http://www.sfze.de/), a subsidiary company of 
> Sparkassen-Finanzgruppe.

After having published the XSS vulnerability on various sparkassen 
online banking sites 24 hours ago, I received feedback from the company 
sfze.

They informed me that the DO NOT operate the online banking portal which 
is affected by the vulnerability.

I therefore have to apologize: It was not my intention to blame the 
wrong company. sfze has nothing to do with the XSS vulnerability on 
german online-banking sites.

To say this clear: I do not know definitely which subsidiary company of 
Sparkassen-Finanzgruppe is responsible for the online banking portal, 
and is able to fix this problem.

Ulrich Keil
--
http://www.derkeiler.com
PGP Fingerprint: 5FA4 4C01 8D92 A906 E831  CAF1 3F51 8F47 1233 9AAD
Public key available at http://www.derkeiler.com/uk/pgp-key.asc