Payment / Banking sites with vulnerable SSL issues

Although compliance requirements and policies oblige every financial institution to use strongly encrypted channels for transferring sensitive information, we have been seeing relatively weak cipher strengths and unpatched flaws such as the SSL renegotiation bug on payment and banking sites, depending on the countries/IPs where they are hosted.

To make the people concerned aware of these issues, we've prepared a list of some vulnerable banking sites, based on snapshots taken via SSL Labs.

Rating A but vulnerable to SSL Renegotiation Attack
Barclays Bank UK 
UOB Bank 
Ever Bank
NatWest Bank
Citizens Bank
Tai Fung Bank
United One Credit Union
eAdvantage Internet Banking
Isle of MAN Bank
RBS International Bank
Peoples National Bank
CIMB Bank (SG)
Nets (SG)

Rating B [Weak Cipher Support + SSL Renegotiation]
HSBC Bank HongKong
Discover Bank 
MilliKart Bank

Rating C [Weak Cipher Support]
HSBC Main Site (vulnerable to SSL Renegotiation Attack)
Bank Of America
Deutsche Bank India Branch
RBS (Romania) (vulnerable to SSL Renegotiation Attack)
Reg CIMB Bank (Thai)
Bhutan National Bank (vulnerable to SSL Renegotiation Attack)
Hume Building Society
Standard Chartered Online Banking
St. George Bank

Rating D [Weak Cipher/Protocol/KeyStrength Support]
Mutual Trust Bank
Leon Bank
War Wick Credit Union
Oriental Bank

